Linux Kernel EFI MOKVAR Table Size Validation Vulnerability

A vulnerability in the Linux kernel's handling of the EFI MOKVAR table can lead to a failure in mapping the table correctly, causing a traceback error. This issue arises because the kernel currently (re)maps the entire MOKVAR table on each iteration, which can exceed the limits of early memory mapping and result in a failure. The vulnerability is present in the EFI MOKVAR table initialization process, where the entire table is mapped instead of just the necessary entry headers. This flaw can cause the system to fail when the table grows too large, leading to a warning and a traceback error.

Impact

The vulnerability can cause the system to fail in mapping the EFI MOKVAR configuration table, leading to a traceback error and a warning about the mapping failure. This failure can disrupt the normal boot process and cause issues with EFI variable management.

Remediation

The vulnerability has been addressed in the Linux kernel by modifying the EFI MOKVAR table initialization process to map only the entry headers, rather than the entire table. This change prevents the mapping process from exceeding memory limits and causing failures.