| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026011414-CVE-2025-71116-e57d@gregkh> Date: Wed, 14 Jan 2026 16:06:21 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular encoding version, out-of-bounds reads may ensue because the only bounds check that is there is based on that length value. This patch adds explicit bounds checks for each field that is decoded or skipped. The Linux kernel CVE team has assigned CVE-2025-71116 to this issue. Affected and fixed versions =========================== Fixed in 6.1.160 with commit c82e39ff67353a5a6cbc07b786b8690bd2c45aaa Fixed in 6.6.120 with commit e927ab132b87ba3f076705fc2684d94b24201ed1 Fixed in 6.12.64 with commit 5d0d8c292531fe356c4e94dcfdf7d7212aca9957 Fixed in 6.18.3 with commit 2acb8517429ab42146c6c0ac1daed1f03d2fd125 Fixed in 6.19-rc1 with commit 8c738512714e8c0aa18f8a10c072d5b01c83db39 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-71116 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/ceph/osdmap.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/c82e39ff67353a5a6cbc07b786b8690bd2c45aaa https://git.kernel.org/stable/c/e927ab132b87ba3f076705fc2684d94b24201ed1 https://git.kernel.org/stable/c/5d0d8c292531fe356c4e94dcfdf7d7212aca9957 https://git.kernel.org/stable/c/2acb8517429ab42146c6c0ac1daed1f03d2fd125 https://git.kernel.org/stable/c/8c738512714e8c0aa18f8a10c072d5b01c83db39
Powered by blists - more mailing lists