Description
In the Linux kernel, the following vulnerability has been resolved:

libceph: prevent potential out-of-bounds reads in process_message_header()

If the message frame is (maliciously) corrupted in a way that the
length of the control segment ends up being less than the size of the
message header or a different frame is made to look like a message
frame, out-of-bounds reads may ensue in process_message_header().

Perform an explicit bounds check before decoding the message header.
Published: 2026-05-08
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel the libceph module’s process_message_header() function may read data beyond the bounds of a message header when a message frame is corrupted or forged so that the declared control segment length is smaller than the header itself. This out-of-bounds read can expose kernel memory contents that are not intended to be visible, potentially leaking sensitive information.

Affected Systems

All versions of the Linux kernel that include the libceph module and do not contain the commits that add an explicit bounds check before decoding the message header. The vulnerability remains until the kernel is updated to a release that incorporates these changes.

Risk and Exploitability

The CVSS score of 7.0 indicates a high severity level, and there is no EPSS score or KEV listing for this issue. Based on the description, it is inferred that an attacker could trigger the read by sending a crafted or truncated Ceph message frame to the kernel module, which suggests a remote network-based attack vector if Ceph traffic is exposed to untrusted hosts. No publicly known exploitation has been reported as of this analysis.

Generated by OpenCVE AI on May 9, 2026 at 04:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the libceph fixes (see the commit references linked above).
  • If Ceph is not used on the system, disable or blacklist the libceph kernel module to prevent the vulnerable code path from being loaded.
  • Limit network exposure of Ceph traffic using firewalls or segmentation so that only trusted hosts can communicate with the kernel module.

Generated by OpenCVE AI on May 9, 2026 at 04:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-805
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Fri, 08 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in process_message_header() If the message frame is (maliciously) corrupted in a way that the length of the control segment ends up being less than the size of the message header or a different frame is made to look like a message frame, out-of-bounds reads may ensue in process_message_header(). Perform an explicit bounds check before decoding the message header.
Title libceph: prevent potential out-of-bounds reads in process_message_header()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-09T04:10:52.241Z

Reserved: 2026-05-01T14:12:56.007Z

Link: CVE-2026-43406

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T15:16:52.137

Modified: 2026-05-08T15:16:52.137

Link: CVE-2026-43406

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43406 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T05:00:10Z

Weaknesses