CVE-2026-43419
Undergoing Analysis Undergoing Analysis - In Progress
Memory Leak in Linux Kernel CephFS

Publication date: 2026-05-08

Last updated on: 2026-05-22

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leaks in ceph_mdsc_build_path() Add __putname() calls to error code paths that did not free the "path" pointer obtained by __getname(). If ownership of this pointer is not passed to the caller via path_info.path, the function must free it before returning.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-22
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43419
EUVD
EUVD-2026-28725
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.19 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.78 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.9 (exc)
linux linux_kernel From 5.10.234 (inc) to 5.11 (exc)
linux linux_kernel From 5.15.177 (inc) to 5.16 (exc)
linux linux_kernel From 6.1.125 (inc) to 6.2 (exc)
linux linux_kernel From 6.6 (inc) to 6.6.130 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

Memory leaks can lead to increased memory usage over time, which may degrade system performance or cause resource exhaustion.

In environments running the affected Ceph component in the Linux kernel, this could potentially lead to instability or crashes if the leak is significant.

Executive Summary

This vulnerability is a memory leak issue in the Linux kernel related to the Ceph component, specifically in the function ceph_mdsc_build_path().

The problem occurs because certain error code paths did not properly free a memory pointer named "path" that was obtained by the __getname() function.

To fix this, __putname() calls were added to those error paths to ensure the allocated memory is freed if ownership of the pointer is not passed to the caller.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43419. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart