-

CVE-2025-71116

EPSS 0.03%
Veröffentlicht 14.01.2026 15:16:01
Zuletzt bearbeitet 19.01.2026 13:16:18
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

libceph: make decode_pool() more resilient against corrupted osdmaps

If the osdmap is (maliciously) corrupted such that the encoded length
of ceph_pg_pool envelope is less than what is expected for a particular
encoding version, out-of-bounds reads may ensue because the only bounds
check that is there is based on that length value.

This patch adds explicit bounds checks for each field that is decoded
or skipped.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < d061be4c8040ffb1110d537654a038b8b6ad39d2

Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540

Status affected

Version < 145d140abda80e33331c5781d6603014fa75d258

Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540

Status affected

Version < c82e39ff67353a5a6cbc07b786b8690bd2c45aaa

Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540

Status affected

Version < e927ab132b87ba3f076705fc2684d94b24201ed1

Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540

Status affected

Version < 5d0d8c292531fe356c4e94dcfdf7d7212aca9957

Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540

Status affected

Version < 2acb8517429ab42146c6c0ac1daed1f03d2fd125

Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540

Status affected

Version < 8c738512714e8c0aa18f8a10c072d5b01c83db39

Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 3.9

Status affected

Version < 3.9

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.248

Status unaffected

Version <= 5.15.*

Version 5.15.198

Status unaffected

Version <= 6.1.*

Version 6.1.160

Status unaffected

Version <= 6.6.*

Version 6.6.120

Status unaffected

Version <= 6.12.*

Version 6.12.64

Status unaffected

Version <= 6.18.*

Version 6.18.3

Status unaffected

Version <= *

Version 6.19-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.088

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/2acb8517429ab42146c6c0ac1daed1f03d2fd125

https://git.kernel.org/stable/c/5d0d8c292531fe356c4e94dcfdf7d7212aca9957

https://git.kernel.org/stable/c/8c738512714e8c0aa18f8a10c072d5b01c83db39

https://git.kernel.org/stable/c/c82e39ff67353a5a6cbc07b786b8690bd2c45aaa

https://git.kernel.org/stable/c/e927ab132b87ba3f076705fc2684d94b24201ed1

https://git.kernel.org/stable/c/145d140abda80e33331c5781d6603014fa75d258

https://git.kernel.org/stable/c/d061be4c8040ffb1110d537654a038b8b6ad39d2

https://nvd.nist.gov/vuln/detail/CVE-2025-71116

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-71116

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-71116

EUVD