Out-of-bounds read in Linux kernel - CVE-2026-52956
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in __ceph_x_decrypt() when processing a crafted Ceph authentication reply message. A remote attacker can send a specially crafted message frame to cause a denial of service.
The issue can be triggered when the ciphertext is too short to contain a ceph_x_encrypt_header, such as in a FRAME_TAG_AUTH_REPLY_MORE message.
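The length check this description implies, modelled in userspace C as an added example; it is not the kernel's code or its patch. The names check_decrypted and enc_header, the 9-byte header layout and the magic value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for illustration: 1-byte version followed by an 8-byte magic. */
struct enc_header {
    uint8_t  struct_v;
    uint64_t magic;
} __attribute__((packed));

#define ENC_MAGIC 0x0123456789abcdefULL /* constructed placeholder, not a real constant */

/*
 * Hypothetical helper: validate the header at the start of a decrypted
 * buffer. Returns the payload length that follows the header, or -EINVAL.
 */
static int check_decrypted(const uint8_t *buf, size_t len)
{
    struct enc_header hdr;

    /* The guard: a buffer shorter than the header must be rejected
     * before any header field is read, otherwise the read below would
     * run past the end of the buffer. */
    if (len < sizeof(hdr))
        return -EINVAL;

    memcpy(&hdr, buf, sizeof(hdr)); /* safe: len >= sizeof(hdr) */
    if (hdr.magic != ENC_MAGIC)
        return -EINVAL;

    return (int)(len - sizeof(hdr));
}

int main(void)
{
    /* Constructed inputs: a truncated 4-byte buffer and a well-formed one. */
    uint8_t truncated[4] = {0};
    uint8_t ok[16] = {0};
    struct enc_header h = { .struct_v = 1, .magic = ENC_MAGIC };

    memcpy(ok, &h, sizeof(h));
    printf("truncated:   %d\n", check_decrypted(truncated, sizeof(truncated)));
    printf("well-formed: %d\n", check_decrypted(ok, sizeof(ok)));
    return 0;
}
```

The same ordering applies to any length-prefixed or header-prefixed input: compare the available length against the header size first, then read the header.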