PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45851 Linux CVE debrief

A vulnerability in the Linux kernel's EFI subsystem could cause kernel panics on Intel TDX virtual machines with large memory configurations. The `reserve_unaccepted()` function miscalculates the memblock reservation size for the unaccepted memory table when the table's starting physical address is not page-aligned. This leaves the end of the table unreserved, potentially causing it to be overwritten and triggering a panic in `accept_memory()`. The issue was observed with memory sizes exceeding 64GB.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Organizations running Intel TDX confidential computing workloads with large memory allocations (>64GB), Linux kernel maintainers, virtualization platform operators, and cloud providers offering TDX-based confidential VMs.

Technical summary

The vulnerability exists in `reserve_unaccepted()` in the Linux kernel's EFI subsystem. The function rounds the size of the unaccepted memory table up to a page boundary but does not account for a starting physical address that is itself unaligned. When `efi.unaccepted` is not page-aligned, a reservation of that rounded size starting at the rounded-down address can stop short of the table's true end, leaving its tail unreserved. Memory in that unreserved tail is free for other use, so the end of the table can be overwritten, and the kernel later panics in `accept_memory()` while processing unaccepted memory. The fix computes the table's end address from the unaligned start first, then rounds that end up to a page boundary, so the reserved range covers the whole table.
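As an added illustration, not code from this page or from the kernel, the following C program models the two ways of computing the reservation described above. Everything in it is a constructed assumption: the `reserve_buggy` and `reserve_fixed` helpers, the 4 KiB page size, the 16-byte table header, and the sample physical addresses and bitmap sizes. It shows how rounding the start down and the size up independently loses the start's in-page offset, while rounding the computed end address up does not.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model constants: a 4 KiB page, as on x86. */
#define PAGE_SZ 4096ULL
#define ALIGN_DOWN(x) ((x) & ~(PAGE_SZ - 1))
#define ALIGN_UP(x)   (((x) + PAGE_SZ - 1) & ~(PAGE_SZ - 1))

/* Assumed stand-in for the table header: a fixed-size header followed
 * by a bitmap of `bitmap_size` bytes (one bit per unit of unaccepted memory). */
#define HEADER_LEN 16ULL

struct range { uint64_t start, end; };   /* half-open [start, end) */

/* Exclusive end of the table itself, as laid out by firmware. */
uint64_t table_end(uint64_t table_phys, uint64_t bitmap_size)
{
    return table_phys + HEADER_LEN + bitmap_size;
}

/* Buggy-style computation: round the start down and the size up
 * independently. The offset of the start within its page is dropped,
 * so the reservation can end before the table does. */
struct range reserve_buggy(uint64_t table_phys, uint64_t bitmap_size)
{
    struct range r;
    r.start = ALIGN_DOWN(table_phys);
    r.end   = r.start + ALIGN_UP(HEADER_LEN + bitmap_size);
    return r;
}

/* Fixed-style computation: derive the true end address from the
 * unaligned start, then round that end up. Length is end - start. */
struct range reserve_fixed(uint64_t table_phys, uint64_t bitmap_size)
{
    struct range r;
    r.start = ALIGN_DOWN(table_phys);
    r.end   = ALIGN_UP(table_end(table_phys, bitmap_size));
    return r;
}

/* Does the reservation cover every byte of the table? */
bool covers(struct range r, uint64_t table_phys, uint64_t bitmap_size)
{
    return r.start <= table_phys && table_end(table_phys, bitmap_size) <= r.end;
}

/* Bytes of the table that lie past the reserved end (0 when fully covered). */
uint64_t uncovered_tail(struct range r, uint64_t table_phys, uint64_t bitmap_size)
{
    uint64_t end = table_end(table_phys, bitmap_size);
    return end > r.end ? end - r.end : 0;
}

int main(void)
{
    /* Constructed case: the table starts 0x800 bytes into a page, and
     * header + bitmap is exactly five pages long. */
    uint64_t phys   = 0x7f000800ULL;
    uint64_t bitmap = 5 * PAGE_SZ - HEADER_LEN;

    struct range b = reserve_buggy(phys, bitmap);
    struct range f = reserve_fixed(phys, bitmap);

    printf("table:  [0x%llx, 0x%llx)\n",
           (unsigned long long)phys, (unsigned long long)table_end(phys, bitmap));
    printf("buggy:  [0x%llx, 0x%llx) uncovered tail = %llu bytes\n",
           (unsigned long long)b.start, (unsigned long long)b.end,
           (unsigned long long)uncovered_tail(b, phys, bitmap));
    printf("fixed:  [0x%llx, 0x%llx) covers = %s\n",
           (unsigned long long)f.start, (unsigned long long)f.end,
           covers(f, phys, bitmap) ? "yes" : "no");
    return 0;
}
```

With a page-aligned table start both computations agree; the difference appears only when the in-page offset of the start plus the table's length crosses a page boundary that the size-only rounding does not account for, which is exactly the case the summary describes.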

Defensive priority

medium

Recommended defensive actions

  • Apply the relevant stable kernel patch for your kernel version
  • For Intel TDX deployments with >64GB memory, prioritize patching
  • Verify memblock reservation behavior in EFI boot logs if experiencing kernel panics on TDX VMs
  • Monitor kernel stable tree for additional backports

Evidence notes

The vulnerability description indicates this was resolved in the Linux kernel stable tree with commits across multiple kernel versions. The issue specifically affects Intel TDX (Trust Domain Extensions) VMs and was observed with memory configurations greater than 64GB.

Official resources

The vulnerability was disclosed via the Linux kernel stable tree on 2026-05-27, with patches committed to multiple stable branches.