SB20260625238 - NULL pointer dereference in Linux kernel ceph
Published: June 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2026-52957)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a null pointer dereference in decode_choose_args() when processing a crafted CEPH_MSG_OSD_MAP message containing a crush_choose_arg_map with a bucket index that refers to a NULL bucket. A remote attacker can send a specially crafted message to cause a denial of service.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/28b0a2ab8c82d0bbdeb8013029c67c978ce6e4bf
- https://git.kernel.org/stable/c/301286c0ccd37d66b0e40786fd35a4f19cdbd88a
- https://git.kernel.org/stable/c/312ec973efac0efb9b9ed64214235910e9ecbaa8
- https://git.kernel.org/stable/c/7169f326a23d0f547fcd90e68b72fd387622e126
- https://git.kernel.org/stable/c/a20e16ebfe2fa65348eb4b2dc7deac330ce03e9c
- https://git.kernel.org/stable/c/d55ffad8d422b5d1cc44dad32bd3d25f4471cd9f
- https://git.kernel.org/stable/c/d7a65a34d2453f8cd3e0cc0e1319740af7e24276
- https://git.kernel.org/stable/c/f2f95e6d4b97e70bb876139b0583fc8079983f85