CVE-2026-43407 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: May 11, 2026
Linux kernel libceph - Out-of-Bounds Read/Write
Published: May 8, 2026Updated: May 11, 2026Remote Exploitable
Overview
Linux kernel libceph contains an out-of-bounds access caused by integer overflow in ceph_handle_auth_reply() due to improper payload_len handling, letting attackers trigger memory corruption, exploit requires crafted CEPH_MSG_AUTH_REPLY message.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Attackers can cause out-of-bounds memory access leading to potential memory corruption or denial of service.
Mitigation
Update to the latest Linux kernel version containing the patch fixing ceph_handle_auth_reply()
References
- https://git.kernel.org/stable/c/ea080b21092590122c3f971cf588932cdbf47847
- https://git.kernel.org/stable/c/ed024d2f4c79c0eb2464df0fb640610ac301f9a0
- https://git.kernel.org/stable/c/edc678e5cd11730a2834b43071d8923f05bc334d
- https://git.kernel.org/stable/c/f9da5c1bbac5c8e33259fe00ed7347438fffa969
- https://git.kernel.org/stable/c/6cee34d6669fe176b4259131adb1a145c939b472
- https://git.kernel.org/stable/c/8bb87547e92dcf0928ed763c60e0ac8d733c3656
- https://git.kernel.org/stable/c/9f9e2297f45fc2d2524eb104c289d69ddef95665
- https://git.kernel.org/stable/c/b282c43ed156ae15ea76748fc15cd5c39dc9ab72
Related Resources
Details
- CVE ID
- CVE-2026-43407
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- out_of_bounds_rw
- Status
- new
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H