CVE-2024-26678: Vulnerability in Linux Linux

Medium
Published: Tue Apr 02 2024 (04/02/2024, 07:01:42 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section

The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware (i.e., CONFIG_EFI_MIXED=y)

This section is only 8 bytes in size and is only referenced from the loader, and so it is placed at the end of the memory view of the image, to avoid the need for padding it to 4k, which is required for sections appearing in the middle of the image.

Unfortunately, this violates the PE/COFF spec, and even if most EFI loaders will work correctly (including the Tianocore reference implementation), PE loaders do exist that reject such images, on the basis that both the file and memory views of the file contents should be described by the section headers in a monotonically increasing manner without leaving any gaps.

So reorganize the sections to avoid this issue. This results in a slight padding overhead (< 4k) which can be avoided if desired by disabling CONFIG_EFI_MIXED (which is only needed in rare cases these days)

AI-Powered Analysis

Last updated: 06/29/2025, 17:11:56 UTC

Technical Analysis

CVE-2024-26678 addresses a vulnerability in the Linux kernel's handling of the PE/COFF .compat section within the x86/efistub bootloader code. The .compat section is a small (8-byte) dummy PE section that contains the address of the 32-bit entry point for the 64-bit kernel image, enabling booting from 32-bit firmware when CONFIG_EFI_MIXED is enabled. The vulnerability arises because this section is placed at the end of the memory view of the image without the usual 4KB padding, violating the PE/COFF specification. According to the spec, section headers must describe file and memory views in a monotonically increasing manner without gaps. While most EFI loaders, including the Tianocore reference implementation, tolerate this layout, some PE loaders reject such images due to this nonconformance. This can lead to boot failures on systems using these strict PE loaders. The fix reorganizes the sections to comply with the PE/COFF spec, introducing a slight padding overhead of less than 4KB. Alternatively, disabling CONFIG_EFI_MIXED (which is rarely needed nowadays) avoids the issue altogether. This vulnerability is not known to be exploited in the wild and affects specific Linux kernel versions identified by commit hashes. No CVSS score has been assigned yet. The issue primarily impacts systems that rely on mixed 32-bit/64-bit EFI booting, which is a niche configuration.
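The layout rule described above can be checked directly against an image's PE section table. The following is an added example, not code from the kernel or from this page: it parses the section headers and reports where the memory or file view is not contiguous and increasing in header order. The exact rule a given strict loader enforces is an assumption here, the function names are hypothetical, and both sample images are constructed with illustrative values.

```python
import struct

def parse_sections(image: bytes):
    """Return (SectionAlignment, [(name, vaddr, vsize, raw_ptr, raw_size), ...])."""
    pe = struct.unpack_from("<I", image, 0x3C)[0]            # e_lfanew
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE/COFF image")
    nsect, opt_size = struct.unpack_from("<H12xH", image, pe + 6)
    opt = pe + 24                                            # optional header start
    align = struct.unpack_from("<I", image, opt + 32)[0]     # SectionAlignment
    out = []
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", image, opt + opt_size + 40 * i)
        out.append((name.rstrip(b"\0").decode(), vaddr, vsize, rptr, rsize))
    return align, out

def layout_issues(image: bytes):
    """Assumed strict rule: in header order, each section starts exactly where
    the previous one ends, in the memory view and (if it has raw data) the file view."""
    align, sections = parse_sections(image)
    issues = []
    for (pn, pva, pvs, pptr, psz), (n, va, _, ptr, sz) in zip(sections, sections[1:]):
        mem_end = -(-(pva + pvs) // align) * align           # round up to alignment
        if va != mem_end:
            issues.append(f"{n}: memory view {'gap' if va > mem_end else 'not increasing'} after {pn}")
        if sz and ptr != pptr + psz:
            issues.append(f"{n}: file view {'gap' if ptr > pptr + psz else 'not increasing'} after {pn}")
    return issues

def build_image(sections, align=0x1000):
    """Constructed test input: headers only, which is all the checker reads."""
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)                    # PE32+ magic
    struct.pack_into("<II", opt, 32, align, 0x200)           # Section/FileAlignment
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x22)
    table = b"".join(struct.pack("<8sIIII16x", n.encode(), vs, va, rs, rp)
                     for n, va, vs, rp, rs in sections)
    return b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + bytes(opt) + table

# Constructed layouts (illustrative values, not taken from a real kernel image).
# Tuples are (name, vaddr, vsize, raw_ptr, raw_size).
COMPAT_AT_END = build_image([(".setup", 0x1000, 0x3000, 0x1000, 0x3000),
                             (".compat", 0x9000, 0x8, 0x4000, 0x200),
                             (".text", 0x4000, 0x5000, 0x4200, 0x5000)])
ONE_TO_ONE = build_image([(".setup", 0x1000, 0x3000, 0x1000, 0x3000),
                          (".compat", 0x4000, 0x8, 0x4000, 0x1000),
                          (".text", 0x5000, 0x5000, 0x5000, 0x5000)])

if __name__ == "__main__":
    for label, img in (("compat at end", COMPAT_AT_END), ("1:1 mapping", ONE_TO_ONE)):
        print(label, layout_issues(img) or "OK")
```

Running `layout_issues` on a real kernel image read from disk flags only what this assumed rule covers; a loader on specific hardware may check more or less.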

Potential Impact

For European organizations, the impact of CVE-2024-26678 is primarily related to system availability and reliability during the boot process on affected Linux systems configured with CONFIG_EFI_MIXED enabled. Organizations using Linux servers or embedded devices that boot via EFI firmware with mixed 32-bit and 64-bit support may experience boot failures or inability to start the kernel if their EFI loaders strictly enforce PE/COFF section layout compliance. This could disrupt critical infrastructure, especially in environments where Linux is used for servers, network equipment, or industrial control systems. However, since the vulnerability does not allow for privilege escalation, remote code execution, or data compromise, the confidentiality and integrity impacts are minimal. The lack of known exploits and the niche configuration reduce the overall risk. Still, organizations relying on affected configurations should prioritize patching to ensure reliable boot processes and avoid downtime. The slight increase in image size due to padding is negligible for most deployments.

Mitigation Recommendations

1. Apply the official Linux kernel patch that reorganizes the PE/COFF sections to comply with the specification, ensuring compatibility with all EFI loaders.
2. For systems where patching is not immediately feasible, consider disabling the CONFIG_EFI_MIXED kernel configuration option if mixed 32-bit/64-bit EFI booting is not required. This will avoid the problematic section layout.
3. Validate EFI loader compatibility in test environments before deploying updated kernels, especially on hardware with strict PE/COFF compliance.
4. Maintain updated firmware and bootloader versions, as some EFI loaders may have been updated to tolerate this layout issue.
5. Implement robust system monitoring to detect boot failures promptly and have recovery procedures in place.
6. Document and inventory systems using CONFIG_EFI_MIXED to prioritize remediation efforts.
7. Coordinate with hardware vendors to confirm EFI loader behavior and obtain firmware updates if necessary.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-19T14:20:24.152Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982ac4522896dcbe37e3

Added to database: 5/21/2025, 9:08:58 AM

Last enriched: 6/29/2025, 5:11:56 PM

Last updated: 8/3/2025, 7:12:53 AM
