CVE-2026-43406
Analyzed Analyzed - Analysis Complete

Out-of-Bounds Read in Linux Kernel Ceph Library

Vulnerability report for CVE-2026-43406, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-08

Last updated on: 2026-05-21

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in process_message_header() If the message frame is (maliciously) corrupted in a way that the length of the control segment ends up being less than the size of the message header or a different frame is made to look like a message frame, out-of-bounds reads may ensue in process_message_header(). Perform an explicit bounds check before decoding the message header.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-08
Last Modified
2026-05-21
Generated
2026-07-09
AI Q&A
2026-05-08
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.167 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.19 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.78 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.9 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's libceph component, specifically in the process_message_header() function.

If a message frame is maliciously corrupted so that the length of the control segment is less than the size of the message header, or if a different frame is made to appear like a message frame, it can cause out-of-bounds reads.

The vulnerability arises because process_message_header() does not perform an explicit bounds check before decoding the message header, which can lead to reading memory outside the intended bounds.

Impact Analysis

This vulnerability can lead to out-of-bounds reads in the Linux kernel, which may cause information disclosure or system instability.

An attacker could exploit this by sending a specially crafted message frame that triggers the out-of-bounds read, potentially exposing sensitive kernel memory or causing a crash.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43406. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart