7.5

CVE-2026-52956

libceph: Fix potential out-of-bounds access in __ceph_x_decrypt()

In the Linux kernel, the following vulnerability has been resolved:

libceph: Fix potential out-of-bounds access in __ceph_x_decrypt()

In __ceph_x_decrypt(), a part of the buffer p is interpreted as a
ceph_x_encrypt_header, and the magic field of this struct is accessed.
This happens without any guarantee that the buffer is large enough to
hold this struct. The function parameter ciphertext_len represents the
length of the ciphertext to decrypt and is guaranteed to be at most the
remaining size of the allocated buffer p. However, this value is not
necessarily greater than sizeof(ceph_x_encrypt_header). E.g., a message
frame of type FRAME_TAG_AUTH_REPLY_MORE, that is just as long to hold
the ciphertext at its end with a ciphertext_len of 8 or less, can
trigger an out-of-bounds memory access when accessing hdr->magic.

This patch fixes the issue by adding a check to ensure that the
decrypted plaintext in the buffer is large enough to represent at least
the ceph_x_encrypt_header.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version e15fd0a11db00fc7f470a9fc804657ec3f6d04a5
Version < c7e9b53aebe401970f1b5f5a01b4e021b18e8bb2
Status affected
Version e15fd0a11db00fc7f470a9fc804657ec3f6d04a5
Version < 821365487aa58d06bda65c676ba215d506ba9768
Status affected
Version 2982b9c92a66604ffb9fb2db54cf735133d1ef56
Status affected
Version 4.9.6
Version < 4.10
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 4.10
Status affected
Version 0
Version < 4.10
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.278
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/c7e9b53aebe401970f1b5f5a01b4e021b18e8bb2
https://git.kernel.org/stable/c/821365487aa58d06bda65c676ba215d506ba9768