NVD

CVE-2026-52958 Detail

Received

This CVE record has recently been published to the CVE List and has been included within the NVD dataset.

Description

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmap_decode() When decoding osd_state and osd_weight from an incoming osdmap in osdmap_decode(), both are decoded for each osd, i.e., map->max_osd times. The ceph_decode_need() check only accounts for sizeof(*map->osd_weight) once. This can potentially result in an out-of-bounds memory access if the incoming message is corrupted such that the max_osd value exceeds the actual content of the osdmap message. This patch fixes the issue by changing the corresponding part in the ceph_decode_need() check to account for map->max_osd*sizeof(*map->osd_weight).

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/0d2dd7e6bb74fd7712aa73457a4a821906c6863a	kernel.org
https://git.kernel.org/stable/c/35d0ed82d03e5ee77ea4f31f20e29562a7721649	kernel.org
https://git.kernel.org/stable/c/36a79759a288961b1ff28a68ec2d1f56f6848098	kernel.org
https://git.kernel.org/stable/c/3f2575bb7f955d42569d96c3e04fa958a0dcf4b4	kernel.org
https://git.kernel.org/stable/c/48df98d12b15360cd56af5c1f460307b340c1197	kernel.org
https://git.kernel.org/stable/c/8713bbc4b2b9ad78f803978e54b7e49dd21bd9be	kernel.org
https://git.kernel.org/stable/c/e7187f33c02488697ec0d01d82bf7a3f8deaba8f	kernel.org
https://git.kernel.org/stable/c/ee933694645dac062d65fc2743f92bc06fa0db6b	kernel.org

Weakness Enumeration

CWE-ID	CWE Name	Source

Change History

1 change records found show changes

New CVE Received from kernel.org 6/24/2026 1:17:06 PM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmap_decode() When decoding osd_state and osd_weight from an incoming osdmap in osdmap_decode(), both are decoded for each osd, i.e., map->max_osd times. The ceph_decode_need() check only accounts for sizeof(map->osd_weight) once. This can potentially result in an out-of-bounds memory access if the incoming message is corrupted such that the max_osd value exceeds the actual content of the osdmap message. This patch fixes the issue by changing the corresponding part in the ceph_decode_need() check to account for map->max_osdsizeof(*map->osd_weight).
Added	Reference	https://git.kernel.org/stable/c/0d2dd7e6bb74fd7712aa73457a4a821906c6863a
Added	Reference	https://git.kernel.org/stable/c/35d0ed82d03e5ee77ea4f31f20e29562a7721649
Added	Reference	https://git.kernel.org/stable/c/36a79759a288961b1ff28a68ec2d1f56f6848098
Added	Reference	https://git.kernel.org/stable/c/3f2575bb7f955d42569d96c3e04fa958a0dcf4b4
Added	Reference	https://git.kernel.org/stable/c/48df98d12b15360cd56af5c1f460307b340c1197
Added	Reference	https://git.kernel.org/stable/c/8713bbc4b2b9ad78f803978e54b7e49dd21bd9be
Added	Reference	https://git.kernel.org/stable/c/e7187f33c02488697ec0d01d82bf7a3f8deaba8f
Added	Reference	https://git.kernel.org/stable/c/ee933694645dac062d65fc2743f92bc06fa0db6b
Added	Affected	Record truncated, showing 2048 of 2445 characters. View Entire Change Record [{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ceph/osdmap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"dcbc919a5dc8c2629684a113a90c0b6fe10c3462","lessThan":"36a79759a288961b1ff28a68ec2d1f56f6848098","versionType":"git","status":"affected"},{"version":"dcbc919a5dc8c2629684a113a90c0b6fe10c3462","lessThan":"3f2575bb7f955d42569d96c3e04fa958a0dcf4b4","versionType":"git","status":"affected"},{"version":"dcbc919a5dc8c2629684a113a90c0b6fe10c3462","lessThan":"8713bbc4b2b9ad78f803978e54b7e49dd21bd9be","versionType":"git","status":"affected"},{"version":"dcbc919a5dc8c2629684a113a90c0b6fe10c3462","lessThan":"0d2dd7e6bb74fd7712aa73457a4a821906c6863a","versionType":"git","status":"affected"},{"version":"dcbc919a5dc8c2629684a113a90c0b6fe10c3462","lessThan":"e7187f33c02488697ec0d01d82bf7a3f8deaba8f","versionType":"git","status":"affected"},{"version":"dcbc919a5dc8c2629684a113a90c0b6fe10c3462","lessThan":"48df98d12b15360cd56af5c1f460307b340c1197","versionType":"git","status":"affected"},{"version":"dcbc919a5dc8c2629684a113a90c0b6fe10c3462","lessThan":"ee933694645dac062d65fc2743f92bc06fa0db6b","versionType":"git","status":"affected"},{"version":"dcbc919a5dc8c2629684a113a90c0b6fe10c3462","lessThan":"35d0ed82d03e5ee77ea4f31f20e29562a7721649","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ceph/osdmap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.","versionType":"semver","status":"

Quick Info

CVE Dictionary Entry:
CVE-2026-52958
NVD Published Date:
06/24/2026
NVD Last Modified:
06/24/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2026-52958 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Change History

New CVE Received from kernel.org 6/24/2026 1:17:06 PM

Quick Info