Description

In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular encoding version, out-of-bounds reads may ensue because the only bounds check that is there is based on that length value. This patch adds explicit bounds checks for each field that is decoded or skipped.

INFO

Published Date :

2026-01-14T15:06:04.476Z

Last Modified :

2026-01-19T12:20:19.147Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-71116 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-71116.

URL Resource
https://git.kernel.org/stable/c/145d140abda80e33331c5781d6603014fa75d258 cve-icon cve-icon
https://git.kernel.org/stable/c/2acb8517429ab42146c6c0ac1daed1f03d2fd125 cve-icon cve-icon
https://git.kernel.org/stable/c/5d0d8c292531fe356c4e94dcfdf7d7212aca9957 cve-icon cve-icon
https://git.kernel.org/stable/c/8c738512714e8c0aa18f8a10c072d5b01c83db39 cve-icon cve-icon
https://git.kernel.org/stable/c/c82e39ff67353a5a6cbc07b786b8690bd2c45aaa cve-icon cve-icon
https://git.kernel.org/stable/c/d061be4c8040ffb1110d537654a038b8b6ad39d2 cve-icon cve-icon
https://git.kernel.org/stable/c/e927ab132b87ba3f076705fc2684d94b24201ed1 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026011414-CVE-2025-71116-e57d@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-71116 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-71116 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact