Linux kernel libceph OOB read via corrupted osdmaps
CVE-2025-71116 Published on January 14, 2026
libceph: make decode_pool() more resilient against corrupted osdmaps
In the Linux kernel, the following vulnerability has been resolved:
libceph: make decode_pool() more resilient against corrupted osdmaps
If the osdmap is (maliciously) corrupted such that the encoded length
of ceph_pg_pool envelope is less than what is expected for a particular
encoding version, out-of-bounds reads may ensue because the only bounds
check that is there is based on that length value.
This patch adds explicit bounds checks for each field that is decoded
or skipped.
Products Associated with CVE-2025-71116
stack.watch emails you whenever new vulnerabilities are published in Linux Kernel or Canonical Ubuntu Linux. Just hit a watch button to start following.
Affected Versions
Linux:- Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540 and below d061be4c8040ffb1110d537654a038b8b6ad39d2 is affected.
- Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540 and below 145d140abda80e33331c5781d6603014fa75d258 is affected.
- Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540 and below c82e39ff67353a5a6cbc07b786b8690bd2c45aaa is affected.
- Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540 and below e927ab132b87ba3f076705fc2684d94b24201ed1 is affected.
- Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540 and below 5d0d8c292531fe356c4e94dcfdf7d7212aca9957 is affected.
- Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540 and below 2acb8517429ab42146c6c0ac1daed1f03d2fd125 is affected.
- Version 4f6a7e5ee1393ec4b243b39dac9f36992d161540 and below 8c738512714e8c0aa18f8a10c072d5b01c83db39 is affected.
- Version 3.9 is affected.
- Before 3.9 is unaffected.
- Version 5.10.248, <= 5.10.* is unaffected.
- Version 5.15.198, <= 5.15.* is unaffected.
- Version 6.1.160, <= 6.1.* is unaffected.
- Version 6.6.120, <= 6.6.* is unaffected.
- Version 6.12.64, <= 6.12.* is unaffected.
- Version 6.18.3, <= 6.18.* is unaffected.
- Version 6.19, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.