CVE-2026-52956

A flaw was found in the Linux kernel's libceph module. A remote attacker could trigger an out-of-bounds memory access in the cephxdecrypt function by sending a specially crafted message frame of type FRAMETAGAUTHREPLYMORE with a small ciphertext length. This vulnerability arises because the...

CVE-2026-52958

A flaw was found in the Linux kernel's libceph component. This vulnerability, located within the osdmapdecode function, can lead to an out-of-bounds memory access. A remote attacker could exploit this by sending a specially crafted and corrupted osdmap message, where the maxosd value exceeds the...

CVE-2026-52954

A flaw was found in the Linux kernel's libceph component. A remote attacker could send a specially crafted CEPHMSGOSDMAP message containing a corrupted CRUSH map. If this map includes two crushchooseargmaps with identical indices, it triggers an assertion failure, leading to a kernel bug and a...

Linux Distros Unpatched Vulnerability : CVE-2026-52956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: Fix potential out-of-bounds access in cephxdecrypt In cephxdecrypt, a part of the buffer p is interpreted as a cephxencryptheader, and the magic field ...

Linux Distros Unpatched Vulnerability : CVE-2026-52958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: Fix potential out-of-bounds access in osdmapdecode When decoding osdstate and osdweight from an incoming osdmap in osdmapdecode, both are decoded for...

Linux Distros Unpatched Vulnerability : CVE-2026-52957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: Fix potential null-ptr-deref in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. When decoding th...

Linux Distros Unpatched Vulnerability : CVE-2026-52955

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: Fix potential out-of-bounds access in crushdecode A message of type CEPHMSGOSDMAP containing a crush map with at least one bucket has two fields holdin...

Linux Distros Unpatched Vulnerability : CVE-2026-52954

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: handle rbtree insertion error in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. The received...

EUVD-2026-38825

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential null-ptr-deref in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. When decoding this CRUSH map in crushdecode, an array of maxbuckets CRUSH buckets is...

EUVD-2026-38823

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crushdecode A message of type CEPHMSGOSDMAP containing a crush map with at least one bucket has two fields holding the bucket algorithm. If the values in these two fields differ, an...

CVE-2026-52956

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephxdecrypt In cephxdecrypt, a part of the buffer p is interpreted as a cephxencryptheader, and the magic field of this struct is accessed. This happens without any guarantee that t...

CVE-2026-52955

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crushdecode A message of type CEPHMSGOSDMAP containing a crush map with at least one bucket has two fields holding the bucket algorithm. If the values in these two fields differ, an...

CVE-2026-52957

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential null-ptr-deref in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. When decoding this CRUSH map in crushdecode, an array of maxbuckets CRUSH buckets is...

CVE-2026-52957 libceph: Fix potential null-ptr-deref in decode_choose_args()

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential null-ptr-deref in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. When decoding this CRUSH map in crushdecode, an array of maxbuckets CRUSH buckets is...

CVE-2026-52958 libceph: Fix potential out-of-bounds access in osdmap_decode()

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmapdecode When decoding osdstate and osdweight from an incoming osdmap in osdmapdecode, both are decoded for each osd, i.e., map-maxosd times. The cephdecodeneed check only accoun...

CVE-2026-52958

CVE-2026-52958 affects the Linux kernel libceph subsystem. The vulnerability arises in osdmap_decode() when decoding osd_state and osd_weight for each osd; the ceph_decode_need() check did not account for map->max_osd*sizeof(*map->osd_weight), enabling a potential out-of-bounds memory acces...

CVE-2026-52957

Consolidated details from CVE-2026-52957 show a Linux kernel libceph flaw in processing CEPH_MSG_OSD_MAP: during CRUSH map decoding, bucket indices may reference NULL buckets when decoding crush_choose_arg_map, risking a NULL pointer dereference. A patch extends the validation to only access non-...

CVE-2026-52956

The CVE-2026-52956 issue affects the Linux kernel’s libceph code, specifically __ceph_x_decrypt(), where a buffer region can be misinterpreted as a ceph_x_encrypt_header and hdr->magic accessed without ensuring sufficient plaintext size. This can trigger an out-of-bounds memory access when cip...

CVE-2026-52955

The CVE-2026-52955 vulnerability affects the Linux kernel’s libceph crush_decode(). A CEPH_MSG_OSD_MAP containing a crush map with at least one bucket could have two bucket algorithm fields (alg and b->alg) that differ, leading to potential out-of-bounds access during allocation or destruction...

CVE-2026-52954 libceph: handle rbtree insertion error in decode_choose_args()

In the Linux kernel, the following vulnerability has been resolved: libceph: handle rbtree insertion error in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. The received CRUSH map may optionally contain chooseargs that get decoded in...