CRITICALCVE-2026-43406Published Modified CNA Linux
CVE-2026-43406: libceph: prevent potential out-of-bounds reads in process_message_header()
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in process_message_header() If the message frame is (maliciously) corrupted in a way that the length of the control segment ends up being less than the size of the message header or a different frame is made to look like a message frame, out-of-bounds reads may ensue in process_message_header(). Perform an explicit bounds check before decoding the message header.
Metrics
- CVSS v3.1
- 9.1
- Severity
- CRITICAL
- Fixed in
- 0
- Affected Products
- 2
Fix available
0035867ae6f18df0aeedb2a57a5b74091bd4e3fe85.15.20350156622eb0888e62541d715a98584480a1bc7cb6.1.1676.6.1306.12.786.18.196.19.969fb5d91bba44ecf7eb80530b85fa4fb028921d569fe5af33fa3806f398d21c081d73c66e5523bc27.075582aaa580c11aed4c7731cad6b068b700e7efb76ccf21a12c5f6d6790bc32c7da82446d877b2f4dbd857a9e1e33ea71eaf3e211877027e533770d1
Affected packages
- Linux / Linux< 76ccf21a12c5f6d6790bc32c7da82446d877b2f4 (from cd1a677cad994021b19665ed476aea63f5d54f31) · < 75582aaa580c11aed4c7731cad6b068b700e7efb (from cd1a677cad994021b19665ed476aea63f5d54f31) · < 50156622eb0888e62541d715a98584480a1bc7cb (from cd1a677cad994021b19665ed476aea63f5d54f31) · < dbd857a9e1e33ea71eaf3e211877027e533770d1 (from cd1a677cad994021b19665ed476aea63f5d54f31) · < 69fe5af33fa3806f398d21c081d73c66e5523bc2 (from cd1a677cad994021b19665ed476aea63f5d54f31) · < 035867ae6f18df0aeedb2a57a5b74091bd4e3fe8 (from cd1a677cad994021b19665ed476aea63f5d54f31)
- Linux / Linux5.11Fixed in 0, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H