PT-2026-39069 · Linux · Linux Kernel

Published 2026-05-08 · Updated 2026-05-15 · CVE-2026-43408

CVSS v3.1

7.8 High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Ceph component of the Linux kernel where the ceph_mdsc_build_path() function is called without a zero-initialized ceph_path_info parameter. Because ceph_mdsc_build_path() only initializes the structure upon success and not on error, subsequent calls to ceph_mdsc_free_path_info() can lead to random system crashes or potential privilege escalation.
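
The pattern in the description, as an added userspace model (not the kernel's code): a builder that fills its output struct only on success, and a cleanup check that trusts whatever the struct holds. `struct path_info`, its fields and all function names here are hypothetical stand-ins, and the 0xA5 fill is a constructed substitute for stale stack contents.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct ceph_path_info; the fields are assumed. */
struct path_info { char *path; int pathlen; int freepath; };

/* Model of the builder: it writes *pi only when it succeeds. */
static int build_path(const char *src, struct path_info *pi)
{
    char *p = src ? malloc(strlen(src) + 1) : NULL;
    if (!p)
        return -1;                  /* error path: *pi is left untouched */
    strcpy(p, src);
    pi->path = p;
    pi->pathlen = (int)strlen(src);
    pi->freepath = 1;
    return 0;
}

/* What the cleanup helper decides from the fields it is handed. */
static int cleanup_would_free(const struct path_info *pi)
{
    return pi->freepath && pi->path != NULL;
}

/* Returns 1 if cleanup after a failed build would free a pointer
 * that the builder never set. */
static int stale_free_after_error(int zero_init)
{
    struct path_info pi;

    memset(&pi, 0xA5, sizeof(pi));  /* constructed: stale stack bytes */
    if (zero_init)
        memset(&pi, 0, sizeof(pi)); /* hardened caller, same as = {0} */
    if (build_path(NULL, &pi) == 0)
        return 0;                   /* not reached: NULL forces failure */
    return cleanup_would_free(&pi);
}

int main(void)
{
    printf("uninitialized: %d, zeroed: %d\n",
           stale_free_after_error(0), stale_free_after_error(1));
    return 0;
}
```

The model only reports the decision the cleanup helper would make; it never passes the stale pointer to `free()`.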

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

CVE-2026-43408

Affected Products

Linux Kernel