CVE-2026-45851
Awaiting Analysis
Memory Reservation Flaw in Linux Kernel EFI

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

efi: Fix reservation of unaccepted memory table

The reserve_unaccepted() function incorrectly calculates the size of the memblock reservation for the unaccepted memory table. It aligns the size of the table, but fails to account for cases where the table's starting physical address (efi.unaccepted) is not page-aligned.

If the table starts at an offset within a page and its end crosses into a subsequent page that the aligned size does not cover, the end of the table will not be reserved. This can lead to the table being overwritten or inaccessible, causing a kernel panic in accept_memory().

This issue was observed when starting Intel TDX VMs with specific memory sizes (e.g., > 64GB).

Fix this by calculating the end address first (including the unaligned start) and then aligning it up, ensuring the entire range is covered by the reservation.
Meta Information
Published: 2026-05-27
Last Modified: 2026-05-27
Generated: 2026-06-16
AI Q&A: 2026-05-28
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel to 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (inc)
linux linux_kernel *
CWE ID Description
CWE-UNKNOWN
Compliance Impact

The provided information about CVE-2026-45851 does not include any details regarding its impact on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in the Linux kernel's EFI memory reservation system. Specifically, the reserve_unaccepted() function incorrectly calculates the size of the memory reservation for the unaccepted memory table. While it aligns the size of the table, it does not properly handle cases where the table's starting physical address is not aligned to a page boundary.

If the table starts at an offset within a memory page and extends into the next page, the current calculation may fail to reserve the entire table. This means the end of the table might not be reserved, potentially allowing it to be overwritten or become inaccessible.

This issue can cause a kernel panic during the accept_memory() process, which was notably observed when starting Intel TDX virtual machines with large memory sizes (greater than 64GB). The fix involves calculating the end address first, including the unaligned start, and then aligning it upwards to ensure the entire memory range is reserved.

Impact Analysis

This vulnerability can lead to a kernel panic, which is a critical system crash, during the memory acceptance process in the Linux kernel. Such crashes can cause system instability, unexpected downtime, and potential data loss.

In environments using Intel TDX virtual machines with large memory allocations (e.g., over 64GB), this issue may be more likely to occur, potentially impacting the reliability and availability of those systems.
