CVE Catalog

CVE-2026-52962

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

A buffer leak was discovered in the __ceph_setxattr() function in the Ceph filesystem within the Linux kernel. During retries, the old_blob variable stores the ci->i_xattrs.prealloc_blob value but is never freed via ceph_buffer_put(), causing a memory leak.

Risk Assessment

This buffer leak can gradually exhaust kernel memory, leading to system performance degradation or crashes under prolonged operation.

Recommendation

Immediately update the Linux kernel to a version containing the fix that resolves the buffer leak in __ceph_setxattr().

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in __ceph_setxattr() The old_blob in __ceph_setxattr() can store ci->i_xattrs.prealloc_blob value during the retry. However, it is never called the ceph_buffer_put() for the old_blob object. This patch fixes the issue of the buffer leak.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS