PT-2026-51852 · Linux · Linux
Published: 2026-06-24 · Updated: 2026-06-24
CVE-2026-52958
None
No severity ratings or metrics are available. When they are, we will update the corresponding information on the page.
In the Linux kernel, the following vulnerability has been resolved:
libceph: Fix potential out-of-bounds access in osdmap_decode()

When decoding osd_state and osd_weight from an incoming osdmap in
osdmap_decode(), both are decoded for each osd, i.e., map->max_osd
times. The ceph_decode_need() check only accounts for
sizeof(*map->osd_weight) once. This can potentially result in an
out-of-bounds memory access if the incoming message is corrupted such
that the max_osd value exceeds the actual content of the osdmap message.

This patch fixes the issue by changing the corresponding part in the
ceph_decode_need() check to account for
map->max_osd*sizeof(*map->osd_weight).
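
The accounting difference described above, as an added example: a simplified user-space model, not the kernel's code and not part of the original advisory. The toy message layout and the names need_bytes and decode_overrun are assumptions; only the once-versus-max_osd accounting comes from the description.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed toy layout (not the real osdmap encoding):
 * [u32 max_osd][max_osd x u32 osd_state][max_osd x u32 osd_weight] */

/* Bytes the need-check demands after the max_osd field. */
static uint64_t need_bytes(uint32_t max_osd, int fixed)
{
    uint64_t state = (uint64_t)max_osd * sizeof(uint32_t);
    uint64_t weight = fixed ? (uint64_t)max_osd * sizeof(uint32_t)
                            : sizeof(uint32_t); /* counted once: the bug */
    return state + weight;
}

/* Returns -1 if the need-check rejects the message; otherwise the number of
 * bytes the two decode loops would consume past the end of the buffer
 * (0 = in bounds). Reads are only accounted for, never performed. */
static int64_t decode_overrun(const uint8_t *buf, size_t len, int fixed)
{
    uint32_t max_osd;
    uint64_t remaining, consumed;

    if (len < sizeof(max_osd))
        return -1;
    memcpy(&max_osd, buf, sizeof(max_osd)); /* host-endian for brevity */
    remaining = len - sizeof(max_osd);

    if (need_bytes(max_osd, fixed) > remaining)
        return -1; /* reject as invalid */

    /* osd_state and osd_weight are each decoded max_osd times. */
    consumed = 2 * (uint64_t)max_osd * sizeof(uint32_t);
    return consumed > remaining ? (int64_t)(consumed - remaining) : 0;
}

int main(void)
{
    /* Constructed sample: header claims 8 OSDs, body holds 8 states + 1 weight. */
    uint8_t msg[4 + 8 * 4 + 4] = {0};
    uint32_t claimed = 8;

    memcpy(msg, &claimed, sizeof(claimed));
    printf("once-only check: %lld\n", (long long)decode_overrun(msg, sizeof(msg), 0));
    printf("per-osd check:   %lld\n", (long long)decode_overrun(msg, sizeof(msg), 1));
    return 0;
}
```

With the constructed 40-byte message, the once-only check accepts input whose weight loop would run 28 bytes past the buffer, while the per-osd check rejects it before any decoding.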
Related identifiers
Affected products
Linux