CVE-2024-26843: efi: runtime: Fix potential overflow of soft-reserved region size

Description

In the Linux kernel, the following vulnerability has been resolved:

efi: runtime: Fix potential overflow of soft-reserved region size

md_size will have been narrowed if we have >= 4GB worth of pages in a
soft-reserved region.

Classification

CVE ID: CVE-2024-26843

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.41% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/4fff3d735baea104017f2e3c245e27cdc79f2426
https://git.kernel.org/stable/c/4aa36b62c3eaa869860bf78b1146e9f2b5f782a9
https://git.kernel.org/stable/c/700c3f642c32721f246e09d3a9511acf40ae42be
https://git.kernel.org/stable/c/cf3d6813601fe496de7f023435e31bfffa74ae70
https://git.kernel.org/stable/c/156cb12ffdcf33883304f0db645e1eadae712fe0
https://git.kernel.org/stable/c/de1034b38a346ef6be25fe8792f5d1e0684d5ff4

Timeline

2024-12-20 00:34:26 UTC
CVE

efi: runtime: Fix potential overflow of soft-reserved region size