Описание
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ]
Отчет
An out-of-bounds read can occur in libceph messenger v2 during AUTH_DONE handling when payload_len is taken from the wire but the message buffer is not validated to actually contain that many bytes. A malicious or compromised Ceph peer can send a truncated message to reliably crash the kernel (network-triggered DoS).
Меры по смягчению последствий
If Ceph not being used, then possible to disable it. To mitigate this issue, prevent module libceph from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Affected | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2026:25120 | 10.06.2026 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2026:25121 | 10.06.2026 |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | kernel | Fixed | RHSA-2026:26563 | 17.06.2026 |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | kernel | Fixed | RHSA-2026:26563 | 17.06.2026 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2026:19568 | 20.05.2026 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ]
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ]
libceph: prevent potential out-of-bounds reads in handle_auth_done()
In the Linux kernel, the following vulnerability has been resolved: l ...
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ]
EPSS
7.1 High
CVSS3