CVE-2026-52958

Source
https://cve.org/CVERecord?id=CVE-2026-52958
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52958.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-52958
Downstream
Published
2026-06-24T16:28:39.723Z
Modified
2026-07-08T08:09:44.862606348Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
libceph: Fix potential out-of-bounds access in osdmap_decode()
Details

In the Linux kernel, the following vulnerability has been resolved:

libceph: Fix potential out-of-bounds access in osdmap_decode()

When decoding osdstate and osdweight from an incoming osdmap in osdmapdecode(), both are decoded for each osd, i.e., map->maxosd times. The cephdecodeneed() check only accounts for sizeof(*map->osdweight) once. This can potentially result in an out-of-bounds memory access if the incoming message is corrupted such that the maxosd value exceeds the actual content of the osdmap message.

This patch fixes the issue by changing the corresponding part in the cephdecodeneed() check to account for map->maxosd*sizeof(*map->osdweight).

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52958.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
dcbc919a5dc8c2629684a113a90c0b6fe10c3462
Fixed
36a79759a288961b1ff28a68ec2d1f56f6848098
Fixed
3f2575bb7f955d42569d96c3e04fa958a0dcf4b4
Fixed
8713bbc4b2b9ad78f803978e54b7e49dd21bd9be
Fixed
0d2dd7e6bb74fd7712aa73457a4a821906c6863a
Fixed
e7187f33c02488697ec0d01d82bf7a3f8deaba8f
Fixed
48df98d12b15360cd56af5c1f460307b340c1197
Fixed
ee933694645dac062d65fc2743f92bc06fa0db6b
Fixed
35d0ed82d03e5ee77ea4f31f20e29562a7721649

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52958.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.3.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52958.json"