How severe is CVE-2025-71116?

The severity of CVE-2025-71116 has not been assessed with CVSS v3.

CVE-2025-71116

NONE

In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encode

发布于: 1/14/2026更新于: 1/14/2026

描述

In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular encoding version, out-of-bounds reads may ensue because the only bounds check that is there is based on that length value. This patch adds explicit bounds checks for each field that is decoded or skipped.

AI分析AI驱动

参考资料

https://git.kernel.org/stable/c/2acb8517429ab42146c6c0ac1daed1f03d2fd125
https://git.kernel.org/stable/c/5d0d8c292531fe356c4e94dcfdf7d7212aca9957
https://git.kernel.org/stable/c/8c738512714e8c0aa18f8a10c072d5b01c83db39
https://git.kernel.org/stable/c/c82e39ff67353a5a6cbc07b786b8690bd2c45aaa
https://git.kernel.org/stable/c/e927ab132b87ba3f076705fc2684d94b24201ed1