CVE-2026-46119

A flaw was found in the Linux kernel's libceph component. A remote attacker could exploit this vulnerability by sending a specially crafted CEPHMSGAUTHREPLY message. When the message's result field contains a positive value, it can be misinterpreted as a buffer size, leading to a slab-out-of-boun...

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVE-2026-46119

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a potentially corrupted message of type CEPHMSGAUTHREPLY contains a positive value in its result field, it is treated as an error code by cephhandleauthreply an...

UBUNTU-CVE-2026-46119

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a potentially corrupted message of type CEPHMSGAUTHREPLY contains a positive value in its result field, it is treated as an error code by cephhandleauthreply an...

EUVD-2026-32878

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a potentially corrupted message of type CEPHMSGAUTHREPLY contains a positive value in its result field, it is treated as an error code by cephhandleauthreply an...

CVE-2026-46119

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a potentially corrupted message of type CEPHMSGAUTHREPLY contains a positive value in its result field, it is treated as an error code by cephhandleauthreply an...

CVE-2026-46119

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a potentially corrupted message of type CEPHMSGAUTHREPLY contains a positive value in its result field, it is treated as an error code by cephhandleauthreply an...

CVE-2026-46119

CVE-2026-46119 affects the Linux kernel libceph component. The flaw is a slab-out-of-bounds access in auth message processing: if CEPH_MSG_AUTH_REPLY carries a positive result, it is misinterpreted as an error code and later as the size of the front segment, causing out-of-bounds reads. The fix t...

kernel: libceph: make decode_pool() more resilient against corrupted osdmaps

In the Linux kernel, the following vulnerability has been resolved: libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version,...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()

...

SUSE CVE-2026-46024

In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...

AlmaLinux 8 : kernel (ALSA-2026:21706)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21706 advisory. kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183...

Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from out-of-bounds access in the libceph authentication message processing mechanism. This vulnerabili...

PT-2026-44242

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-out-of-bounds access exists in the libceph module during the processing of authentication messages. When a CEPH MSG AUTH REPLY message contains a positive value in its result fiel...

CVE-2026-46024

A flaw was found in the Linux kernel's libceph component. A remote attacker could send a specially crafted authentication reply message to trigger a null pointer dereference. This vulnerability can lead to a system crash, resulting in a Denial of Service DoS for affected systems. Mitigation To...

CVE-2026-46024

In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...

CVE-2026-46024

CVE-2026-46024 targets the Linux kernel libceph component, where a CEPH_MSG_AUTH_REPLY containing zero values for both protocol and result could lead to a null pointer dereference due to ac->ops being NULL after faulty auth handling. The root cause is that a too-permissive check allowed ac-&gt...

EUVD-2026-32405

In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...