PT-2026-2877 · Linux+4 · Linux Kernel+4

Published

2025-01-01

·

Updated

2026-05-28

·

CVE-2025-71116

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the Linux kernel's libceph component where the decode pool() function may be susceptible to out-of-bounds reads. This can occur if an osdmap is corrupted, specifically when the encoded length of a ceph pg pool envelope is less than the expected value for a particular encoding version. The issue arises because the existing bounds check relies on this potentially manipulated length value. The patch introduces explicit bounds checks for each field during decoding or skipping operations to address this.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2026:21706
ALSA-2026:21745
AZL-74550
BDU:2026-03358
CVE-2025-71116
ECHO-14D8-EA2F-656A
MGASA-2026-0017
MGASA-2026-0018
OESA-2026-1759
OESA-2026-1760
OESA-2026-1761
OPENSUSE-SU-2026:20287-1
RHSA-2026:19568
SUSE-SU-2026:0411-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0474-1
SUSE-SU-2026:0496-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:1078-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8116-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8177-1
USN-8177-2
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8183-1
USN-8183-2
USN-8184-1
USN-8185-1
USN-8185-2
USN-8203-1
USN-8204-1
USN-8243-1
USN-8245-1
USN-8257-1
USN-8258-1
USN-8260-1
USN-8261-1
USN-8265-1

Affected Products

Linuxmint
Linux Kernel
Rocky Linux
Ubuntu
Libceph