CVE-2026-43304
Buffer Overflow in Linux Kernel Ceph
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's libceph component relates to how key material is handled during authentication. Previously, the system only checked if a key had no material, which was insufficient because some keys (like CEPH_CRYPTO_NONE) needed to be excluded and smaller-than-needed keys were not properly validated. The fix introduces a defined maximum key length (CEPH_MAX_KEY_LEN) and enforces that the key material fits into a fixed-size buffer and has a reasonable length during the decoding process in process_auth_done(). This prevents invalid or improperly sized keys from being accepted.
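An added illustration of the kind of check described above (not the kernel's code and not part of the original page): a length-prefixed key is copied into a fixed-size buffer only after its declared length is checked against a maximum and against the bytes actually received. The wire layout, the `example_` names and the 32-byte limit are assumptions; the page does not give the value of CEPH_MAX_KEY_LEN.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit for this sketch; the real CEPH_MAX_KEY_LEN value is not on the page. */
#define EXAMPLE_MAX_KEY_LEN 32

struct example_key {
    uint16_t len;
    uint8_t  data[EXAMPLE_MAX_KEY_LEN]; /* fixed-size destination buffer */
};

/*
 * Decode an assumed layout: 2-byte little-endian length, then key bytes.
 * Returns 0 on success, -1 if the input must be rejected.
 */
int example_decode_key(const uint8_t *buf, size_t buf_len, struct example_key *out)
{
    uint16_t klen;

    if (buf_len < 2)
        return -1;                      /* no room for the length field */
    klen = (uint16_t)(buf[0] | (buf[1] << 8));

    if (klen > EXAMPLE_MAX_KEY_LEN)
        return -1;                      /* would overflow out->data */
    if ((size_t)klen > buf_len - 2)
        return -1;                      /* length field exceeds the message */

    memcpy(out->data, buf + 2, klen);   /* safe: klen bounded on both sides */
    out->len = klen;
    return 0;
}

/* Constructed sample messages, not captured traffic. */
static const uint8_t sample_ok[]        = { 4, 0, 0xde, 0xad, 0xbe, 0xef };
static const uint8_t sample_truncated[] = { 8, 0, 0x01, 0x02 };
static const uint8_t sample_oversized[2 + 40] = { 40, 0 };

int main(void)
{
    struct example_key k;

    printf("ok=%d truncated=%d oversized=%d\n",
           example_decode_key(sample_ok, sizeof(sample_ok), &k),
           example_decode_key(sample_truncated, sizeof(sample_truncated), &k),
           example_decode_key(sample_oversized, sizeof(sample_oversized), &k));
    return 0;
}
```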
How can this vulnerability impact me?
If this vulnerability were exploited, it could allow invalid or improperly sized keys to be processed, potentially leading to authentication issues or buffer overflows. This could compromise the security of the Ceph storage system by allowing unauthorized access or causing instability in the kernel module handling authentication.