CVE-2026-43406
Out-of-Bounds Read in Linux Kernel Ceph Library
Publication date: 2026-05-08
Last updated on: 2026-05-21
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.2 (inc) to 6.6.130 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.203 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.167 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.19 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.78 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.9 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's libceph component, specifically in the process_message_header() function.
If a message frame is maliciously corrupted so that the length of the control segment is less than the size of the message header, or if a different frame is made to appear like a message frame, it can cause out-of-bounds reads.
The vulnerability arises because process_message_header() does not perform an explicit bounds check before decoding the message header, which can lead to reading memory outside the intended bounds.
How can this vulnerability impact me? :
This vulnerability can lead to out-of-bounds reads in the Linux kernel, which may cause information disclosure or system instability.
An attacker could exploit this by sending a specially crafted message frame that triggers the out-of-bounds read, potentially exposing sensitive kernel memory or causing a crash.