CVE-2026-43273
Awaiting Analysis Awaiting Analysis - Queue
Memory Corruption in Ceph File System

Publication date: 2026-05-06

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ceph: supply snapshot context in ceph_zero_partial_object() The ceph_zero_partial_object function was missing proper snapshot context for its OSD write operations, which could lead to data inconsistencies in snapshots. Reproducer: ../src/vstart.sh --new -x --localhost --bluestore ./bin/ceph auth caps client.fs_a mds 'allow rwps fsname=a' mon 'allow r fsname=a' osd 'allow rw tag cephfs data=a' mount -t ceph [email protected]=/ /mnt/mycephfs/ -o conf=./ceph.conf dd if=/dev/urandom of=/mnt/mycephfs/foo bs=64K count=1 mkdir /mnt/mycephfs/.snap/snap1 md5sum /mnt/mycephfs/.snap/snap1/foo fallocate -p -o 0 -l 4096 /mnt/mycephfs/foo echo 3 > /proc/sys/vm/drop/caches md5sum /mnt/mycephfs/.snap/snap1/foo # get different md5sum!!
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-08
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-43273
EUVD
EUVD-2026-27670
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.202 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.165 (exc)
linux linux_kernel From 3.12 (inc) to 5.10.252 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability in the Linux kernel's Ceph component could lead to data inconsistencies in snapshots due to missing proper snapshot context in the ceph_zero_partial_object function. Data inconsistencies in snapshots may impact data integrity and reliability.

However, there is no specific information provided about how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in the Linux kernel's Ceph component, specifically in the function ceph_zero_partial_object. The function was missing the proper snapshot context for its OSD (Object Storage Daemon) write operations. Because of this missing context, data inconsistencies could occur in snapshots, meaning that the snapshot data might not accurately reflect the state of the data at the time the snapshot was taken.

Impact Analysis

The impact of this vulnerability is that snapshots created using Ceph may contain inconsistent or corrupted data. This can lead to unreliable backups or restore points, potentially causing data loss or integrity issues when relying on snapshots for data recovery or replication.

Detection Guidance

This vulnerability can be detected by reproducing the issue using the provided steps which involve creating snapshots and verifying data inconsistencies through checksum mismatches.

  • Run the vstart.sh script to start a new Ceph cluster with the command: ../src/vstart.sh --new -x --localhost --bluestore
  • Set appropriate Ceph client capabilities using: ./bin/ceph auth caps client.fs_a mds 'allow rwps fsname=a' mon 'allow r fsname=a' osd 'allow rw tag cephfs data=a'
  • Mount the Ceph filesystem: mount -t ceph [email protected]=/ /mnt/mycephfs/ -o conf=./ceph.conf
  • Create a file with random data: dd if=/dev/urandom of=/mnt/mycephfs/foo bs=64K count=1
  • Create a snapshot directory: mkdir /mnt/mycephfs/.snap/snap1
  • Calculate the md5sum of the snapshot file: md5sum /mnt/mycephfs/.snap/snap1/foo
  • Modify the original file with fallocate: fallocate -p -o 0 -l 4096 /mnt/mycephfs/foo
  • Clear caches to force read from disk: echo 3 > /proc/sys/vm/drop_caches
  • Recalculate the md5sum of the snapshot file and check for differences: md5sum /mnt/mycephfs/.snap/snap1/foo

A different md5sum indicates data inconsistency caused by the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43273. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart