{"id":"CVE-2025-71116","summary":"libceph: make decode_pool() more resilient against corrupted osdmaps","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: make decode_pool() more resilient against corrupted osdmaps\n\nIf the osdmap is (maliciously) corrupted such that the encoded length\nof ceph_pg_pool envelope is less than what is expected for a particular\nencoding version, out-of-bounds reads may ensue because the only bounds\ncheck that is there is based on that length value.\n\nThis patch adds explicit bounds checks for each field that is decoded\nor skipped.","modified":"2026-04-02T13:04:50.241109Z","published":"2026-01-14T15:06:04.476Z","related":["MGASA-2026-0017","MGASA-2026-0018","SUSE-SU-2026:0411-1","SUSE-SU-2026:0447-1","SUSE-SU-2026:0472-1","SUSE-SU-2026:0474-1","SUSE-SU-2026:0496-1","SUSE-SU-2026:0587-1","SUSE-SU-2026:0617-1","SUSE-SU-2026:1078-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20555-1","SUSE-SU-2026:20599-1","SUSE-SU-2026:20615-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2026:20287-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71116.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/145d140abda80e33331c5781d6603014fa75d258"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2acb8517429ab42146c6c0ac1daed1f03d2fd125"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5d0d8c292531fe356c4e94dcfdf7d7212aca9957"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8c738512714e8c0aa18f8a10c072d5b01c83db39"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c82e39ff67353a5a6cbc07b786b8690bd2c45aaa"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d061be4c8040ffb1110d537654a038b8b6ad39d2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e927ab132b87ba3f076705fc2684d94b24201ed1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71116.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-71116"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4f6a7e5ee1393ec4b243b39dac9f36992d161540"},{"fixed":"d061be4c8040ffb1110d537654a038b8b6ad39d2"},{"fixed":"145d140abda80e33331c5781d6603014fa75d258"},{"fixed":"c82e39ff67353a5a6cbc07b786b8690bd2c45aaa"},{"fixed":"e927ab132b87ba3f076705fc2684d94b24201ed1"},{"fixed":"5d0d8c292531fe356c4e94dcfdf7d7212aca9957"},{"fixed":"2acb8517429ab42146c6c0ac1daed1f03d2fd125"},{"fixed":"8c738512714e8c0aa18f8a10c072d5b01c83db39"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71116.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.9.0"},{"fixed":"5.10.248"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.198"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.160"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.120"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.64"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71116.json"}}],"schema_version":"1.7.5"}