CVE-2026-6862: Uncontrolled Recursion in Red Hat Red Hat Enterprise Linux 10
A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerability by providing a specially crafted device path node. This can lead to infinite recursion, causing stack exhaustion and a process crash, resulting in a denial of service (DoS).
AI Analysis
Technical Summary
This vulnerability in libefiboot's device path node parser fails to enforce a minimum Length field size of 4 bytes for EFI device path node headers. When a local user provides a malformed device path node with an invalid Length field, the parser enters infinite recursion, exhausting the stack and crashing the process. This results in a denial of service condition on affected Red Hat Enterprise Linux 10 systems. The CVSS 3.1 base score is 5.5, reflecting medium severity with local attack vector, low complexity, no privileges required, user interaction needed, unchanged scope, no confidentiality or integrity impact, and high availability impact. No known exploits are reported in the wild. The vendor advisory does not currently specify a patch or remediation.
Potential Impact
Successful exploitation causes a denial of service by crashing processes due to stack exhaustion from infinite recursion. There is no impact on confidentiality or integrity. The attack requires local user access and user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-6862 for current remediation guidance. Until a fix is available, restrict local user access and avoid processing untrusted device path nodes if possible.
CVE-2026-6862: Uncontrolled Recursion in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerability by providing a specially crafted device path node. This can lead to infinite recursion, causing stack exhaustion and a process crash, resulting in a denial of service (DoS).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in libefiboot's device path node parser fails to enforce a minimum Length field size of 4 bytes for EFI device path node headers. When a local user provides a malformed device path node with an invalid Length field, the parser enters infinite recursion, exhausting the stack and crashing the process. This results in a denial of service condition on affected Red Hat Enterprise Linux 10 systems. The CVSS 3.1 base score is 5.5, reflecting medium severity with local attack vector, low complexity, no privileges required, user interaction needed, unchanged scope, no confidentiality or integrity impact, and high availability impact. No known exploits are reported in the wild. The vendor advisory does not currently specify a patch or remediation.
Potential Impact
Successful exploitation causes a denial of service by crashing processes due to stack exhaustion from infinite recursion. There is no impact on confidentiality or integrity. The attack requires local user access and user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-6862 for current remediation guidance. Until a fix is available, restrict local user access and avoid processing untrusted device path nodes if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-04-22T13:19:59.764Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-6862","vendor":"Red Hat"}]
Threat ID: 69e8d83619fe3cd2cdbdacb1
Added to database: 4/22/2026, 2:16:22 PM
Last enriched: 4/22/2026, 2:31:16 PM
Last updated: 4/22/2026, 5:08:55 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.