2923 matches found
EUVD-2026-38829
In the Linux kernel, the following vulnerability has been resolved: ceph: fix BUGON in cephbuildxattrsblob due to stale blob size The generic/642 test-case can reproduce the kernel crash: 40243.605254 ------------ cut here ------------ 40243.605956 kernel BUG at fs/ceph/xattr.c:918! 40243.607142...
EUVD-2026-38826
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmapdecode When decoding osdstate and osdweight from an incoming osdmap in osdmapdecode, both are decoded for each osd, i.e., map-maxosd times. The cephdecodeneed check only accoun...
EUVD-2026-38828
In the Linux kernel, the following vulnerability has been resolved: ceph: put folios not suitable for writeback The batch holds references to the folios see filemapgetfolios, foliobatchrelease, so we need to folioput the folios we remove. Tested on v6.18...
EUVD-2026-38830
In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...
CVE-2026-52958
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmapdecode When decoding osdstate and osdweight from an incoming osdmap in osdmapdecode, both are decoded for each osd, i.e., map-maxosd times. The cephdecodeneed check only accoun...
CVE-2026-52960
In the Linux kernel, the following vulnerability has been resolved: ceph: put folios not suitable for writeback The batch holds references to the folios see filemapgetfolios, foliobatchrelease, so we need to folioput the folios we remove. Tested on v6.18...
CVE-2026-52961
In the Linux kernel, the following vulnerability has been resolved: ceph: fix BUGON in cephbuildxattrsblob due to stale blob size The generic/642 test-case can reproduce the kernel crash: 40243.605254 ------------ cut here ------------ 40243.605956 kernel BUG at fs/ceph/xattr.c:918! 40243.607142...
CVE-2026-52962
In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...
CVE-2026-52957
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential null-ptr-deref in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. When decoding this CRUSH map in crushdecode, an array of maxbuckets CRUSH buckets is...
CVE-2026-52956
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephxdecrypt In cephxdecrypt, a part of the buffer p is interpreted as a cephxencryptheader, and the magic field of this struct is accessed. This happens without any guarantee that t...
CVE-2026-52962
In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...
CVE-2026-52962
CVE-2026-52962 relates to the Linux kernel patch addressing a buffer leak in Ceph’s __ceph_setxattr() path. The issue arises because old_blob (ci->i_xattrs.prealloc_blob) could be retained during a retry and was not released via ceph_buffer_put(), leading to a leak. The patch fixes the leak by...
CVE-2026-52962 ceph: fix a buffer leak in __ceph_setxattr()
In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...
CVE-2026-52960
In the Linux kernel, the following vulnerability has been resolved: ceph: put folios not suitable for writeback The batch holds references to the folios see filemapgetfolios, foliobatchrelease, so we need to folioput the folios we remove. Tested on v6.18...
CVE-2026-52960
CVE-2026-52960 affects the Linux kernel Ceph component: when removing folios not suitable for writeback, the batch may hold references to folios and fail to release them, causing a resource leak. This could lead to DoS via resource exhaustion. The issue is resolved in the Linux kernel, with tests...
CVE-2026-52961
CVE-2026-52961 relates to the Linux kernel ceph xattr handling. The issue arises from a race introduced by Commit d93231a6bc8a, which moved the required_blob_size computation before __build_xattrs(). During __build_xattrs(), i_ceph_lock is released and reacquired; in that window, handle_cap_grant...
CVE-2026-52960 ceph: put folios not suitable for writeback
In the Linux kernel, the following vulnerability has been resolved: ceph: put folios not suitable for writeback The batch holds references to the folios see filemapgetfolios, foliobatchrelease, so we need to folioput the folios we remove. Tested on v6.18...
CVE-2026-52956 libceph: Fix potential out-of-bounds access in __ceph_x_decrypt()
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephxdecrypt In cephxdecrypt, a part of the buffer p is interpreted as a cephxencryptheader, and the magic field of this struct is accessed. This happens without any guarantee that t...
CVE-2026-52955 libceph: Fix potential out-of-bounds access in crush_decode()
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crushdecode A message of type CEPHMSGOSDMAP containing a crush map with at least one bucket has two fields holding the bucket algorithm. If the values in these two fields differ, an...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Ceph: Fixed a crash in processv2sparseread for encrypted directories. A crash in processv2sparseread for fscrypt-encrypted directories has been reported. This issue occurs in the Ceph msgr2 protocol in secure mode. It can be...