CVE-2026-6862

CVE-2026-6862: A flaw in libefiboot (part of efivar) affects the device path node parser, which does not validate that each node’s Length is at least 4 bytes (EFI node header minimum). A crafted device path node could trigger infinite recursion, stack exhaustion, and a DoS via a process crash. Do...

CVE-2026-6862 Efivar: efivar: denial of service due to stack overflow in device path node parsing

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

PT-2026-34450

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

EUVD-2025-25550

Malicious code in bioql PyPI...

CVE-2025-38652

CVE-2025-38652: In the Linux kernel, a f2fs path handling bug can cause out-of-bounds access when constructing devs.path for a device, due to sbi->devs.path[] not leaving space for the trailing null terminator. Root cause: device path storage (path[MAX_PATH_LEN]) can be fully filled, causing p...