CVE-2026-43304
Description
In the Linux kernel, the following vulnerability has been resolved:
libceph: define and enforce CEPH_MAX_KEY_LEN
When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length.
The new CEPH_MAX_KEY_LEN check replaces the existing check for a key with no key material which is a) not universal since CEPH_CRYPTO_NONE has to be excluded and b) doesn't provide much value since a smaller than needed key is just as invalid as no key -- this has to be handled elsewhere anyway.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing maximum key length check in libceph's key decoding can cause a heap buffer overflow, leading to potential remote code execution in the Linux kernel.
Vulnerability
CVE-2026-43304 is a critical vulnerability in the Linux kernel's Ceph filesystem client (libceph). The issue arises in the process_auth_done() function when decoding authentication keys. Previously, the kernel only checked for keys with no material, but did not enforce an upper bound on key length. By defining and enforcing CEPH_MAX_KEY_LEN, the patch ensures that key material fits into a fixed-size buffer, preventing a buffer overflow. [1]
Exploitation
An attacker can exploit this vulnerability by sending a crafted authentication response containing an excessively long key to a vulnerable system running the Ceph client. No authentication is required to trigger the overflow; the attack can be performed remotely over the network. The attacker only needs to be able to send malicious Ceph protocol messages, which typically requires network access to the target host. [1]
Impact
Successful exploitation allows an attacker to overflow the fixed-size key buffer, potentially leading to memory corruption. This can result in arbitrary code execution with kernel privileges, complete system compromise, or denial of service. Given the critical CVSS score of 9.8, the vulnerability is considered easily exploitable and of high severity. [1]
Mitigation
The fix was committed to the Linux kernel stable tree as commit 1b275bd49e58752efb83767a5d1aed41356c5e64. Users are strongly advised to update their kernel to a version containing this patch. No workarounds are known, and the CVE is not listed as exploited in the wild (KEV) as of the publication date. [1]
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- git.kernel.org/stable/c/1b275bd49e58752efb83767a5d1aed41356c5e64nvdPatch
- git.kernel.org/stable/c/6405e8c680974bb74e2c98d5249fb52c7b12a6c6nvdPatch
- git.kernel.org/stable/c/8d745d38c88ecbed95f6b2b39857bf89f35a3244nvdPatch
- git.kernel.org/stable/c/ac431d597a9bdfc2ba6b314813f29a6ef2b4a3bfnvdPatch
- git.kernel.org/stable/c/c1a0f5f1e5e7e98c36a362ec3d1fcfd9932931ednvdPatch
- git.kernel.org/stable/c/d82467c07b03a27c3c5469b62bb3b726305a80bbnvdPatch
- git.kernel.org/stable/c/e1dc45d97975f9db65694d234fbddf1915176e16nvdPatch
News mentions
0No linked articles in our index yet.