CVE-2026-43419
Received Received - Intake
Memory Leak in Linux Kernel CephFS

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leaks in ceph_mdsc_build_path() Add __putname() calls to error code paths that did not free the "path" pointer obtained by __getname(). If ownership of this pointer is not passed to the caller via path_info.path, the function must free it before returning.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-05-09
AI Q&A
2026-05-08
EPSS Evaluated
N/A
NVD
CVE-2026-43419
EUVD
EUVD-2026-28725
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ceph ceph *
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :

Memory leaks can lead to increased memory usage over time, which may degrade system performance or cause resource exhaustion.

In environments running the affected Ceph component in the Linux kernel, this could potentially lead to instability or crashes if the leak is significant.


Can you explain this vulnerability to me?

This vulnerability is a memory leak issue in the Linux kernel related to the Ceph component, specifically in the function ceph_mdsc_build_path().

The problem occurs because certain error code paths did not properly free a memory pointer named "path" that was obtained by the __getname() function.

To fix this, __putname() calls were added to those error paths to ensure the allocated memory is freed if ownership of the pointer is not passed to the caller.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart