CVE-2024-26678

Severity CVSS v4.0:
Pending analysis
Type:
CWE-787 Out-of-bounds Write
Publication date:
02/04/2024
Last modified:
17/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section

The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware (i.e., CONFIG_EFI_MIXED=y)

This section is only 8 bytes in size and is only referenced from the loader, and so it is placed at the end of the memory view of the image, to avoid the need for padding it to 4k, which is required for sections appearing in the middle of the image.

Unfortunately, this violates the PE/COFF spec, and even if most EFI loaders will work correctly (including the Tianocore reference implementation), PE loaders do exist that reject such images, on the basis that both the file and memory views of the file contents should be described by the section headers in a monotonically increasing manner without leaving any gaps.

So reorganize the sections to avoid this issue. This results in a slight padding overhead (

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.7.5 (excluding)
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*