408 matches found
PT-2026-38946
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in libceph where the system fails to properly verify the length of key material during decoding. Specifically, the process auth done function does not ensure that the key...
PT-2026-39068
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds access exists in the ceph handle auth reply function within libceph, triggered by a message of type 'CEPH MSG AUTH REPLY'. The issue occurs because the payload len field...
PT-2026-39067
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libceph component where out-of-bounds reads can occur within the process message header function. This happens if a message frame is corrupted, causing the control...
Linux Distros Unpatched Vulnerability : CVE-2026-43405
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: Use u32 for non-negative values in cephmonmapdecode This patch fixes unnecessary implicit conversions that change signedness of bloblen and nummon in...
Linux Distros Unpatched Vulnerability : CVE-2026-43406
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: prevent potential out-of-bounds reads in processmessageheader If the message frame is maliciously corrupted in a way that the length of the control...
Linux Distros Unpatched Vulnerability : CVE-2026-43407
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: Fix potential out-of-bounds access in cephhandleauthreply This patch fixes an out-of-bounds access in cephhandleauthreply that can be triggered by a...
Linux Distros Unpatched Vulnerability : CVE-2026-43304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generall...
AlmaLinux 9 : kernel (ALSA-2026:13565)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13565 advisory. kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state CVE-2026-23136 kernel: Linux kernel: Use-after-free in...
RLSA-2026:13565 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state CVE-2026-23136 kernel: Linux kernel: Use-after-free in traffic control actct may lead to denial of...
kernel security update
An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state
A flaw was found in the Linux kernel's libceph OSD client. When a connection fault occurs during a sparse read, the sparse-read state is not properly reset. This allows a misbehaving or compromised Ceph OSD server, or a network adversary, to disrupt traffic. As a result, the client can misinterpr...
ALSA-2026:13565 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state CVE-2026-23136 kernel: Linux kernel: Use-after-free in traffic control actct may lead to denial of...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state CVE-2026-23136 kernel: Linux kernel: Use-after-free in traffic control actct may lead to denial of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: libceph: The state of sparse-read was reset in osdfault. When a fault occurs, the connection is abandoned, re-established, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: libceph: prevented potential out-of-bounds reads in handleauthdone A explicit bounds check was performed on payloadlen to avoid possible out-of-bounds accesses during the callout. idryomov: changelog...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: libceph: makes decodepool more resilient against corrupted osdmaps. If the osdmap is maliciously corrupted in such a way that the encoded length of the cephpgpool envelope is less than what is expected for a particular encoding...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: libceph: Replace BUGON with a bounds check for map-maxosd. OSD indexes come from untrusted network packets. Boundaries checks are added to validate these against map-maxosd. idryomov: removed BUGON in cephgetprimaryaffinity, mino...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: libceph: Potential out-of-bounds writes have been prevented in the handleauthsessionkey function. The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: libceph: fixed a potential use-after-free in havemonandosdmap The wait loop in cephopensession can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both cephmonchandlemap and...
CLSA-2026-1777616064 kernel: Fix of 260 CVEs
crypto: algifaead - Fix minimum RX size check for decryption CVE-2026-31431 - crypto: afalg - Fix page reassignment overflow in afalgpulltsgl CVE-2026-31431 - crypto: authencesn - reject too-short AAD assoclen8 to match ESP/ESN spec CVE-2026-31431 - crypto: authencesn - Fix src offset when...