CVE-2026-52958

Enriched by CISA

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmap_decode() When decoding osd_state and osd_weight from an incoming osdmap in osdmap_decode(), both are decoded for each osd, i.e., map->max_osd times. The ceph_decode_need() check only accounts for sizeof(*map->osd_weight) once. This can potentially result in an out-of-bounds memory access if the incoming message is corrupted such that the max_osd value exceeds the actual content of the osdmap message. This patch fixes the issue by changing the corresponding part in the ceph_decode_need() check to account for map->max_osd*sizeof(*map->osd_weight).
https://nvd.nist.gov/vuln/detail/CVE-2026-52958

References

416baaa9-dc9f-4396-8d5f-8c081fb06d67

https://git.kernel.org/stable/c/0d2dd7e6bb74fd7712aa73457a4a821906c6863a
https://git.kernel.org/stable/c/35d0ed82d03e5ee77ea4f31f20e29562a7721649
https://git.kernel.org/stable/c/36a79759a288961b1ff28a68ec2d1f56f6848098
https://git.kernel.org/stable/c/3f2575bb7f955d42569d96c3e04fa958a0dcf4b4
https://git.kernel.org/stable/c/48df98d12b15360cd56af5c1f460307b340c1197
https://git.kernel.org/stable/c/8713bbc4b2b9ad78f803978e54b7e49dd21bd9be
https://git.kernel.org/stable/c/e7187f33c02488697ec0d01d82bf7a3f8deaba8f
https://git.kernel.org/stable/c/ee933694645dac062d65fc2743f92bc06fa0db6b

AFFECTED (from MITRE)

Vendor	Product	Versions
Linux	Linux	dcbc919a5dc8c2629684a113a90c0b6fe10c3462 < 36a79759a288961b1ff28a68ec2d1f56f6848098 [affected] dcbc919a5dc8c2629684a113a90c0b6fe10c3462 < 3f2575bb7f955d42569d96c3e04fa958a0dcf4b4 [affected] dcbc919a5dc8c2629684a113a90c0b6fe10c3462 < 8713bbc4b2b9ad78f803978e54b7e49dd21bd9be [affected] dcbc919a5dc8c2629684a113a90c0b6fe10c3462 < 0d2dd7e6bb74fd7712aa73457a4a821906c6863a [affected] dcbc919a5dc8c2629684a113a90c0b6fe10c3462 < e7187f33c02488697ec0d01d82bf7a3f8deaba8f [affected] dcbc919a5dc8c2629684a113a90c0b6fe10c3462 < 48df98d12b15360cd56af5c1f460307b340c1197 [affected] dcbc919a5dc8c2629684a113a90c0b6fe10c3462 < ee933694645dac062d65fc2743f92bc06fa0db6b [affected] dcbc919a5dc8c2629684a113a90c0b6fe10c3462 < 35d0ed82d03e5ee77ea4f31f20e29562a7721649 [affected]
Linux	Linux	5.3 [affected] < 5.3 [unaffected] 5.10.258 ≤ 5.10.* [unaffected] 5.15.209 ≤ 5.15.* [unaffected] 6.1.175 ≤ 6.1.* [unaffected] 6.6.141 ≤ 6.6.* [unaffected] 6.12.91 ≤ 6.12.* [unaffected] 6.18.33 ≤ 6.18.* [unaffected] 7.0.10 ≤ 7.0.* [unaffected] 7.1 ≤ * [unaffected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe	start	end
Configuration 1
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.3	< 5.10.258
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.3	< 5.15.209
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.3	< 6.1.175
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.3	< 6.6.141
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.3	< 6.12.91
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.3	< 6.18.33
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.3	< 7.0.10
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.3	< 7.1

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee