Nixpkgs security tracker

Published

Permalink CVE-2026-6862

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 6 days, 11 hours ago by @LeSuisse Activity log

Created suggestion 6 days, 17 hours ago
@LeSuisse accepted 6 days, 11 hours ago
@LeSuisse published on GitHub 6 days, 11 hours ago

Efivar: efivar: denial of service due to stack overflow in device path node parsing

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerability by providing a specially crafted device path node. This can lead to infinite recursion, causing stack exhaustion and a process crash, resulting in a denial of service (DoS).

References

https://access.redhat.com/security/cve/CVE-2026-6862 vdb-entryx_refsource_REDHAT
RHBZ#2459982 issue-trackingx_refsource_REDHAT

Affected products

rhcos

efivar

Matching in nixpkgs

pkgs.efivar

Tools and library to manipulate EFI variables

nixos-unstable 39
- nixpkgs-unstable 39
- nixos-unstable-small 39
nixos-25.11 39
- nixos-25.11-small 39
- nixpkgs-25.11-darwin 39

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.efivar