Description
In the Linux kernel, the following vulnerability has been resolved:

libceph: make decode_pool() more resilient against corrupted osdmaps

If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular encoding version, out-of-bounds reads may ensue because the only bounds check that is there is based on that length value. This patch adds explicit bounds checks for each field that is decoded or skipped.
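The per-field checking that the description calls for, sketched as an added example that is not the kernel's libceph code. The record layout, `struct pool`, `get_le()` and `decode_pool_checked()` are hypothetical simplifications, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record, NOT the real ceph_pg_pool encoding:
 *   u8 version | u32 len (LE) | payload[len]
 *   v1 payload: u8 type, u8 size, u32 pg_num;  v2 appends u64 flags */
struct pool { uint8_t type, size; uint32_t pg_num; uint64_t flags; };
/* Read an n-byte little-endian integer only if it fits in [*p, end). */
static int get_le(const uint8_t **p, const uint8_t *end, size_t n, uint64_t *v)
{
    if ((size_t)(end - *p) < n)
        return -1;
    *v = 0;
    for (size_t i = 0; i < n; i++)
        *v |= (uint64_t)(*p)[i] << (8 * i);
    *p += n;
    return 0;
}

/* Returns 0 on success, -1 if any field would cross the envelope end. */
int decode_pool_checked(const uint8_t *buf, size_t buflen, struct pool *out)
{
    const uint8_t *p = buf, *end = buf + buflen, *pool_end;
    uint64_t ver, len, type, size, pg_num, flags = 0;
    if (get_le(&p, end, 1, &ver) || get_le(&p, end, 4, &len) ||
        ver < 1 || (size_t)(end - p) < len)   /* envelope must fit in buf */
        return -1;
    pool_end = p + len;
    /* Bound every field by pool_end, not by the claimed len alone. */
    if (get_le(&p, pool_end, 1, &type) || get_le(&p, pool_end, 1, &size) ||
        get_le(&p, pool_end, 4, &pg_num))
        return -1;
    if (ver >= 2 && get_le(&p, pool_end, 8, &flags))
        return -1;
    *out = (struct pool){ (uint8_t)type, (uint8_t)size, (uint32_t)pg_num, flags };
    return 0;
}

int main(void)
{
    /* Constructed inputs: a valid v2 record, then the same with len = 2. */
    const uint8_t ok[]  = { 2, 14,0,0,0, 1, 3, 64,0,0,0, 1,0,0,0,0,0,0,0 };
    const uint8_t bad[] = { 2,  2,0,0,0, 1, 3, 64,0,0,0, 1,0,0,0,0,0,0,0 };
    struct pool a, b;
    int ra = decode_pool_checked(ok, sizeof ok, &a);
    printf("ok=%d bad=%d\n", ra, decode_pool_checked(bad, sizeof bad, &b));
    return 0;
}
```

The second input passes the envelope-fits-in-buffer check, since 2 bytes are available, and is rejected only because `pg_num` is bounded by `pool_end`.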
Scores
CVSS v3: 7.1
EPSS: 0.0002
EPSS Percentile: 4.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE: CWE-125
Status: published
Products (25)
linux/Kernel: 3.9.0 - 5.10.248
linux/Kernel: 5.11.0 - 5.15.198
linux/Kernel: 5.16.0 - 6.1.160
linux/Kernel: 6.13.0 - 6.18.3
linux/Kernel: 6.2.0 - 6.6.120
linux/Kernel: 6.7.0 - 6.12.64
Linux/Linux: < 3.9
Linux/Linux: 3.9
Linux/Linux: 4f6a7e5ee1393ec4b243b39dac9f36992d161540 - 145d140abda80e33331c5781d6603014fa75d258
Linux/Linux: 4f6a7e5ee1393ec4b243b39dac9f36992d161540 - 2acb8517429ab42146c6c0ac1daed1f03d2fd125
... and 15 more
Published: Jan 14, 2026
Tracked Since: Feb 18, 2026