23 matches found
CVE-2026-46119
A flaw was found in the Linux kernel's libceph component. A remote attacker could exploit this vulnerability by sending a specially crafted CEPHMSGAUTHREPLY message. When the message's result field contains a positive value, it can be misinterpreted as a buffer size, leading to a slab-out-of-boun...
SUSE CVE-2026-46024
In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...
CVE-2026-46024
In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...
CVE-2026-46024 libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()
In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...
CVE-2026-46024
In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...
EUVD-2026-32405
In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...
CVE-2026-46024
CVE-2026-46024 targets the Linux kernel libceph component, where a CEPH_MSG_AUTH_REPLY containing zero values for both protocol and result could lead to a null pointer dereference due to ac->ops being NULL after faulty auth handling. The root cause is that a too-permissive check allowed ac->...
Linux Distros Unpatched Vulnerability : CVE-2026-46024
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this ...
PT-2026-43891
In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in ceph handle auth reply If a message of type CEPH MSG AUTH REPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating...
EUVD-2026-28713
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephhandleauthreply This patch fixes an out-of-bounds access in cephhandleauthreply that can be triggered by a message of type CEPHMSGAUTHREPLY. In cephhandleauthreply, the value of...
CVE-2026-43407
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephhandleauthreply This patch fixes an out-of-bounds access in cephhandleauthreply that can be triggered by a message of type CEPHMSGAUTHREPLY. In cephhandleauthreply, the value of...
CVE-2026-43407
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephhandleauthreply This patch fixes an out-of-bounds access in cephhandleauthreply that can be triggered by a message of type CEPHMSGAUTHREPLY. In cephhandleauthreply, the value of...
UBUNTU-CVE-2026-43407
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephhandleauthreply This patch fixes an out-of-bounds access in cephhandleauthreply that can be triggered by a message of type CEPHMSGAUTHREPLY. In cephhandleauthreply, the value of...
CVE-2026-43407
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephhandleauthreply This patch fixes an out-of-bounds access in cephhandleauthreply that can be triggered by a message of type CEPHMSGAUTHREPLY. In cephhandleauthreply, the value of...
CVE-2026-43407 libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephhandleauthreply This patch fixes an out-of-bounds access in cephhandleauthreply that can be triggered by a message of type CEPHMSGAUTHREPLY. In cephhandleauthreply, the value of...
PT-2026-39068
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds access exists in the ceph handle auth reply function within libceph, triggered by a message of type 'CEPH MSG AUTH REPLY'. The issue occurs because the payload len field...
Linux Distros Unpatched Vulnerability : CVE-2026-43407
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: Fix potential out-of-bounds access in cephhandleauthreply This patch fixes an out-of-bounds access in cephhandleauthreply that can be triggered by a...
CVE-2026-22992
In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from monhandleauthdone Currently any error from cephauthhandlereplydone is propagated via finishauth but isn't returned from monhandleauthdone. This results in higher layers learning that despite...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000701)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000701 advisory. net/ceph/authnone.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have...
DEBIAN-CVE-2013-1059
net/ceph/authnone.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via an authreply message that triggers an attempted buildrequest operation...