SB20260508122 - Signed to Unsigned Conversion Error in Linux kernel ceph
Published: May 8, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Signed to Unsigned Conversion Error (CVE-ID: CVE-2026-43405)
CWE-ID: CWE-195 - Signed to Unsigned Conversion Error
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper handling of signedness conversion in ceph_monmap_decode() when parsing an incoming monitor map message. A remote attacker can send a specially crafted message with a very large num_mon value to cause a denial of service.
The issue can trigger an attempt to allocate an excessively large chunk of memory and results in -ENOMEM being returned instead of rejecting the input as invalid.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/08bc6173fd611ad5a40f472bf5f15b92aea0fe40
- https://git.kernel.org/stable/c/5f2806684b05bd24d05c091083b8e2517ba8ffac
- https://git.kernel.org/stable/c/770444611f047dbfd4517ec0bc1b179d40c2f346
- https://git.kernel.org/stable/c/86f7060cd638d6eb042e8ed780fb83a59ca0dcb3
- https://git.kernel.org/stable/c/b268984ae88cb0dcd7a8e8263962c748448e26e8
- https://git.kernel.org/stable/c/ba0a4df8c563536857dcbf7b4dbd0f2a15f57ace
- https://git.kernel.org/stable/c/ee5588e2bc41acb73f6676c0520420c107cd0140