CRITICAL🇵🇱 Wersja polska

CVE-2026-22984

CVSS 9.8v3.1pub. 2026-01-23upd. 2026-04-27

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ]

🤖 AI Analysis
How it works

Lack of explicit verification of the payload_len value before its use in the handle_auth_done() function can result in access to memory outside the allocated buffer (CWE-125: Out-of-bounds Read). A remote attacker, without authentication and without user interaction, can craft an authorization response containing an invalid payload length value. The patch introduces explicit boundary checking of the payload_len variable before passing it for further processing.

Impact

An attacker can cause disclosure of sensitive data from kernel memory, and depending on the context, also cause system integrity violations or unavailability (according to CVSS vector: C:H/I:H/A:H).

Mitigation & patch

Patches available from the vendor should be applied according to the references — fixes have been published in the Linux kernel stable repository at the addresses indicated in the references section (including commits: 194cfe2af4d2, 2802ef3380fa, 2d653bb63d59, 79fe3511db41, 818156caffbf).

Who is affected

Linux kernel — versions indicated in vendor references (patches available in commits in the stable repository git.kernel.org)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linux Kernel

    OS
    Linux
    6.195.11 – 5.15.198 (bez)5.16 – 6.1.161 (bez)6.2 – 6.6.121 (bez)6.7 – 6.12.66 (bez)6.13 – 6.18.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2022-47986CRITICAL9.8⚠ KEVten sam produkt

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...

CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...

CVE-2020-4006CRITICAL9.1⚠ KEVten sam produkt

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a...