CVE-2026-45851
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
27/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
efi: Fix reservation of unaccepted memory table<br />
<br />
The reserve_unaccepted() function incorrectly calculates the size of the<br />
memblock reservation for the unaccepted memory table. It aligns the<br />
size of the table, but fails to account for cases where the table&#39;s<br />
starting physical address (efi.unaccepted) is not page-aligned.<br />
<br />
If the table starts at an offset within a page and its end crosses into<br />
a subsequent page that the aligned size does not cover, the end of the<br />
table will not be reserved. This can lead to the table being overwritten<br />
or inaccessible, causing a kernel panic in accept_memory().<br />
<br />
This issue was observed when starting Intel TDX VMs with specific memory<br />
sizes (e.g., > 64GB).<br />
<br />
Fix this by calculating the end address first (including the unaligned<br />
start) and then aligning it up, ensuring the entire range is covered<br />
by the reservation.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0862438c90487e79822d5647f854977d50381505
- https://git.kernel.org/stable/c/9b18bf59977f5c5bc3b11b210520f62500a7adf3
- https://git.kernel.org/stable/c/b7bc182ec1846be437351e44164089d988f9d0dd
- https://git.kernel.org/stable/c/ba6b6f1502fa55621d1db23f253d54322bdbe4e0
- https://git.kernel.org/stable/c/e649b5916725c68f44ebf45fb396df563c5dbaf2



