Out-of-bounds read in Linux kernel - CVE-2026-52958
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an out-of-bounds access in osdmap_decode() when decoding a corrupted incoming osdmap message. A remote attacker can send a specially crafted osdmap message to cause a denial of service.
The issue can occur when the max_osd value in the message exceeds the actual content of the osdmap.
How to mitigate CVE-2026-52958
Sources
- https://git.kernel.org/stable/c/0d2dd7e6bb74fd7712aa73457a4a821906c6863a
- https://git.kernel.org/stable/c/35d0ed82d03e5ee77ea4f31f20e29562a7721649
- https://git.kernel.org/stable/c/36a79759a288961b1ff28a68ec2d1f56f6848098
- https://git.kernel.org/stable/c/3f2575bb7f955d42569d96c3e04fa958a0dcf4b4
- https://git.kernel.org/stable/c/48df98d12b15360cd56af5c1f460307b340c1197
- https://git.kernel.org/stable/c/8713bbc4b2b9ad78f803978e54b7e49dd21bd9be
- https://git.kernel.org/stable/c/e7187f33c02488697ec0d01d82bf7a3f8deaba8f
- https://git.kernel.org/stable/c/ee933694645dac062d65fc2743f92bc06fa0db6b