CVE-2026-43273
Memory Corruption in Ceph File System
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ceph | ceph | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's Ceph component, specifically in the function ceph_zero_partial_object. The function was missing the proper snapshot context for its OSD (Object Storage Daemon) write operations. Because of this missing context, data inconsistencies could occur in snapshots, meaning that the snapshot data might not accurately reflect the state of the data at the time the snapshot was taken.
How can this vulnerability impact me?
The impact of this vulnerability is that snapshots created using Ceph may contain inconsistent or corrupted data. This can lead to unreliable backups or restore points, potentially causing data loss or integrity issues when relying on snapshots for data recovery or replication.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by reproducing the issue with the steps below, which create a snapshot and then check the snapshot file for a checksum mismatch.
- Run the vstart.sh script to start a new Ceph cluster with the command: ../src/vstart.sh --new -x --localhost --bluestore
- Set appropriate Ceph client capabilities using: ./bin/ceph auth caps client.fs_a mds 'allow rwps fsname=a' mon 'allow r fsname=a' osd 'allow rw tag cephfs data=a'
- Mount the Ceph filesystem: mount -t ceph [email protected]=/ /mnt/mycephfs/ -o conf=./ceph.conf
- Create a file with random data: dd if=/dev/urandom of=/mnt/mycephfs/foo bs=64K count=1
- Create a snapshot directory: mkdir /mnt/mycephfs/.snap/snap1
- Calculate the md5sum of the snapshot file: md5sum /mnt/mycephfs/.snap/snap1/foo
- Modify the original file with fallocate: fallocate -p -o 0 -l 4096 /mnt/mycephfs/foo
- Clear caches to force read from disk: echo 3 > /proc/sys/vm/drop_caches
- Recalculate the md5sum of the snapshot file and check for differences: md5sum /mnt/mycephfs/.snap/snap1/foo
A different md5sum indicates data inconsistency caused by the vulnerability.
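The file-level part of the steps above (create the file, snapshot it, checksum, punch the hole, drop caches, checksum again) as one script. This is an added example, not part of the original page or of the kernel fix; the function names `snapshot_survives_punch` and `check_cephfs_snapshot` and the scratch file name are assumptions, and it expects the cluster to be started and mounted already as in the first three steps.

```bash
#!/usr/bin/env bash
# Added example (not from the original page); function names are hypothetical.
# Usage after sourcing, as root on a test mount: check_cephfs_snapshot /mnt/mycephfs

# Checksum the snapshot copy, punch a 4096-byte hole in the live file, drop
# caches when permitted, then checksum the snapshot copy again.
# Returns 0 if the snapshot copy is unchanged, 1 if it changed, 2 on error.
snapshot_survives_punch() {
    local live snap before after
    live=$1; snap=$2
    before=$(md5sum < "$snap") || return 2
    fallocate -p -o 0 -l 4096 "$live" || return 2
    # Needs root; without it the second read may come from the page cache.
    if ! { echo 3 > /proc/sys/vm/drop_caches; } 2>/dev/null; then
        echo "warning: caches not dropped, a match may be a false negative" >&2
    fi
    after=$(md5sum < "$snap") || return 2
    [ "$before" = "$after" ]
}

# Run the file-level steps on a mounted CephFS directory with a scratch file
# and scratch snapshot name (both assumptions), then remove them again.
check_cephfs_snapshot() {
    local dir name rc
    dir=${1:-/mnt/mycephfs}; name="snapcheck.$$"
    dd if=/dev/urandom of="$dir/$name" bs=64K count=1 status=none || return 2
    mkdir "$dir/.snap/$name" || { rm -f "$dir/$name"; return 2; }
    rc=0
    snapshot_survives_punch "$dir/$name" "$dir/.snap/$name/$name" || rc=$?
    rmdir "$dir/.snap/$name"
    rm -f "$dir/$name"
    case $rc in
        0) echo "snapshot checksum unchanged" ;;
        1) echo "snapshot checksum changed: data inconsistency present" ;;
        *) echo "check could not be completed" >&2 ;;
    esac
    return "$rc"
}
```

A return value of 1 corresponds to the differing md5sum described above; a return value of 0 without dropped caches is not conclusive.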
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability in the Linux kernel's Ceph component could lead to data inconsistencies in snapshots due to missing proper snapshot context in the ceph_zero_partial_object function. Data inconsistencies in snapshots may impact data integrity and reliability.
However, there is no specific information provided about how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.