CVE-2026-43406 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: May 11, 2026
Linux kernel - Out of Bounds Read
Published: May 8, 2026Updated: May 11, 2026Remote Exploitable
Overview
Linux kernel contains an out-of-bounds read vulnerability caused by insufficient bounds checking in libceph's process_message_header(), letting attackers cause memory reads beyond intended limits, exploit requires crafted malicious message frames.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Attackers can cause out-of-bounds memory reads, potentially leading to information disclosure or system instability.
Mitigation
Update to the latest Linux kernel version with the fix for libceph process_message_header bounds check.
References
- https://git.kernel.org/stable/c/035867ae6f18df0aeedb2a57a5b74091bd4e3fe8
- https://git.kernel.org/stable/c/50156622eb0888e62541d715a98584480a1bc7cb
- https://git.kernel.org/stable/c/69fb5d91bba44ecf7eb80530b85fa4fb028921d5
- https://git.kernel.org/stable/c/69fe5af33fa3806f398d21c081d73c66e5523bc2
- https://git.kernel.org/stable/c/75582aaa580c11aed4c7731cad6b068b700e7efb
- https://git.kernel.org/stable/c/76ccf21a12c5f6d6790bc32c7da82446d877b2f4
- https://git.kernel.org/stable/c/dbd857a9e1e33ea71eaf3e211877027e533770d1
Related Resources
Details
- CVE ID
- CVE-2026-43406
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- out_of_bounds_rw
- Status
- new
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H