CVE-2026-43304 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: May 11, 2026
Linux kernel libceph - Buffer Overflow
Published: May 8, 2026 | Updated: May 11, 2026 | Remotely Exploitable
Overview
Linux kernel libceph contains a buffer overflow vulnerability caused by a lack of proper key length validation in process_auth_done(). This lets attackers cause potential memory corruption. Exploitation requires crafted key material.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can cause memory corruption leading to potential denial of service or code execution.
Mitigation
Update to the latest Linux kernel version containing the fix for CEPH_MAX_KEY_LEN enforcement.
References
- https://git.kernel.org/stable/c/e1dc45d97975f9db65694d234fbddf1915176e16
- https://git.kernel.org/stable/c/1b275bd49e58752efb83767a5d1aed41356c5e64
- https://git.kernel.org/stable/c/6405e8c680974bb74e2c98d5249fb52c7b12a6c6
- https://git.kernel.org/stable/c/8d745d38c88ecbed95f6b2b39857bf89f35a3244
- https://git.kernel.org/stable/c/ac431d597a9bdfc2ba6b314813f29a6ef2b4a3bf
- https://git.kernel.org/stable/c/c1a0f5f1e5e7e98c36a362ec3d1fcfd9932931ed
- https://git.kernel.org/stable/c/d82467c07b03a27c3c5469b62bb3b726305a80bb
Details
- CVE ID: CVE-2026-43304
- Severity: Critical
- CVSS Score: 9.8
- Type: buffer_overflow
- Status: new
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H