CVE-2026-43405

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the libceph component where the ceph monmap decode() function uses signed int variables for blob len and num mon. Because these variables are intended to hold non-negative values assigned by ceph decode 32 safe(), using signed integers can lead to incorrect sign interpretation. Specifically, if a very large value is received in an incoming message, it may be interpreted as a negative value, allowing it to bypass the num mon > CEPH MAX MON check. This results in an attempt to allocate an excessively large amount of memory, leading to a memory allocation failure and the return of an -ENOMEM error instead of the expected -EINVAL.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.