{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-52955/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-28T06:37:14.892Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-52955","@id":"https://www.cve.org/CVERecord?id=CVE-2026-52955","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: Fix potential out-of-bounds access in crush_decode()\n\nA message of type CEPH_MSG_OSD_MAP containing a crush map with at least\none bucket has two fields holding the bucket algorithm. If the values\nin these two fields differ, an out-of-bounds access can occur. This is\nthe case because the first algorithm field (alg) is used to allocate\nthe correct amount of memory for a bucket of this type, while the second\nalgorithm fie"},"products":[{"@id":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 0f3604cbe4df14c5e58288ac9f57511e726a222d, 3f42508191e129ee6b5ea96578d5cab14f2a013a, 4c79fc2d598694bda845b46229c9d48b65042970, 5.10.258, 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 6e70ef53e818c53eab28d7b0026b7fd03dddaba5, 7.0.10, 7.1, cceb10023e76bc89f3fe9238ebd0ccab0fc7c7c5, ea0d42137f0c06da71e37ffc647aab4c5309599a, ebe76d58a48a48031b98543d86c4cd30a825b622, fb176a99e4c1a5a8448a83d83d3606203ba81faa.","timestamp":"2026-06-28T06:37:14.892Z"}]}