CVE Catalog

CVE-2026-52958

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.54%

42th percentile — higher than 42% of all known CVEs

Summary

In the Linux kernel, a potential out-of-bounds memory access vulnerability was found in the osdmap_decode() function of the libceph library. The issue is caused by an incorrect size check during OSD map decoding, which may lead to reading beyond the allocated buffer.

Risk Assessment

An attacker could exploit this vulnerability by sending a crafted OSD map message, potentially causing a system crash (kernel panic) or privilege escalation.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit that changes ceph_decode_need() to account for map->max_osd*sizeof(*map->osd_weight)).

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmap_decode() When decoding osd_state and osd_weight from an incoming osdmap in osdmap_decode(), both are decoded for each osd, i.e., map->max_osd times. The ceph_decode_need() check only accounts for sizeof(*map->osd_weight) once. This can potentially result in an out-of-bounds memory access if the incoming message is corrupted such that the max_osd value exceeds the actual content of the osdmap message. This patch fixes the issue by changing the corresponding part in the ceph_decode_need() check to account for map->max_osd*sizeof(*map->osd_weight).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS