9.8

CVE-2026-22984

libceph: prevent potential out-of-bounds reads in handle_auth_done()

In the Linux kernel, the following vulnerability has been resolved:

libceph: prevent potential out-of-bounds reads in handle_auth_done()

Perform an explicit bounds check on payload_len to avoid a possible
out-of-bounds access in the callout.

[ idryomov: changelog ]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.11 < 5.15.198
LinuxLinux Kernel Version >= 5.16 < 6.1.161
LinuxLinux Kernel Version >= 6.2 < 6.6.121
LinuxLinux Kernel Version >= 6.7 < 6.12.66
LinuxLinux Kernel Version >= 6.13 < 6.18.6
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.268
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
416baaa9-dc9f-4396-8d5f-8c081fb06d67 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/194cfe2af4d2a1de599d39dad636b47c2f6c2c96
Patch
https://git.kernel.org/stable/c/79fe3511db416d2f2edcfd93569807cb02736e5e
Patch
https://git.kernel.org/stable/c/ef208ea331ef688729f64089b895ed1b49e842e3
Patch
https://git.kernel.org/stable/c/2802ef3380fa8c4a08cda51ec1f085b1a712e9e2
Patch
https://git.kernel.org/stable/c/2d653bb63d598ae4b096dd678744bdcc34ee89e8
Patch
https://git.kernel.org/stable/c/818156caffbf55cb4d368f9c3cac64e458fb49c9
Patch