7.1

CVE-2025-71116

libceph: make decode_pool() more resilient against corrupted osdmaps

In the Linux kernel, the following vulnerability has been resolved:

libceph: make decode_pool() more resilient against corrupted osdmaps

If the osdmap is (maliciously) corrupted such that the encoded length
of ceph_pg_pool envelope is less than what is expected for a particular
encoding version, out-of-bounds reads may ensue because the only bounds
check that is there is based on that length value.

This patch adds explicit bounds checks for each field that is decoded
or skipped.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.9.1 < 5.10.248
LinuxLinux Kernel Version >= 5.11 < 5.15.198
LinuxLinux Kernel Version >= 5.16 < 6.1.160
LinuxLinux Kernel Version >= 6.2 < 6.6.120
LinuxLinux Kernel Version >= 6.7 < 6.12.64
LinuxLinux Kernel Version >= 6.13 < 6.18.3
LinuxLinux Kernel Version3.9 Update-
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
LinuxLinux Kernel Version6.19 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc6
LinuxLinux Kernel Version6.19 Updaterc7
LinuxLinux Kernel Version6.19 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.026
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/2acb8517429ab42146c6c0ac1daed1f03d2fd125
Patch
https://git.kernel.org/stable/c/5d0d8c292531fe356c4e94dcfdf7d7212aca9957
Patch
https://git.kernel.org/stable/c/8c738512714e8c0aa18f8a10c072d5b01c83db39
Patch
https://git.kernel.org/stable/c/c82e39ff67353a5a6cbc07b786b8690bd2c45aaa
Patch
https://git.kernel.org/stable/c/e927ab132b87ba3f076705fc2684d94b24201ed1
Patch
https://git.kernel.org/stable/c/145d140abda80e33331c5781d6603014fa75d258
Patch
https://git.kernel.org/stable/c/d061be4c8040ffb1110d537654a038b8b6ad39d2
Patch