CVE-2026-43406
Published: May 8, 2026
Modified: May 11, 2026
CVSS v3.1
9.1
Description
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in process_message_header() If the message frame is (maliciously) corrupted in a way that the length of the control segment ends up being less than the size of the message header or a different frame is made to look like a message frame, out-of-bounds reads may ensue in process_message_header(). Perform an explicit bounds check before decoding the message header.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected cd1a677cad994021b19665ed476aea63f5d54f31 - < 76ccf21a12c5f6d6790bc32c7da82446d877b2f4affected cd1a677cad994021b19665ed476aea63f5d54f31 - < 75582aaa580c11aed4c7731cad6b068b700e7efbaffected cd1a677cad994021b19665ed476aea63f5d54f31 - < 50156622eb0888e62541d715a98584480a1bc7cbaffected cd1a677cad994021b19665ed476aea63f5d54f31 - < dbd857a9e1e33ea71eaf3e211877027e533770d1affected cd1a677cad994021b19665ed476aea63f5d54f31 - < 69fe5af33fa3806f398d21c081d73c66e5523bc2+2 more versions |
Linux | Linux | affected 5.11unaffected 0 - < 5.11unaffected 5.15.203 - <= 5.15.*unaffected 6.1.167 - <= 6.1.*unaffected 6.6.130 - <= 6.6.*+4 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now