CVE-2025-71116

{"id": "CVE-2025-71116", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-71116", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-10T20:42:27.725166Z"}}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "affected": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "affectedData": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4f6a7e5ee1393ec4b243b39dac9f36992d161540", "lessThan": "d061be4c8040ffb1110d537654a038b8b6ad39d2", "versionType": "git"}, {"status": "affected", "version": "4f6a7e5ee1393ec4b243b39dac9f36992d161540", "lessThan": "145d140abda80e33331c5781d6603014fa75d258", "versionType": "git"}, {"status": "affected", "version": "4f6a7e5ee1393ec4b243b39dac9f36992d161540", "lessThan": "c82e39ff67353a5a6cbc07b786b8690bd2c45aaa", "versionType": "git"}, {"status": "affected", "version": "4f6a7e5ee1393ec4b243b39dac9f36992d161540", "lessThan": "e927ab132b87ba3f076705fc2684d94b24201ed1", "versionType": "git"}, {"status": "affected", "version": "4f6a7e5ee1393ec4b243b39dac9f36992d161540", "lessThan": "5d0d8c292531fe356c4e94dcfdf7d7212aca9957", "versionType": "git"}, {"status": "affected", "version": "4f6a7e5ee1393ec4b243b39dac9f36992d161540", "lessThan": "2acb8517429ab42146c6c0ac1daed1f03d2fd125", "versionType": "git"}, {"status": "affected", "version": "4f6a7e5ee1393ec4b243b39dac9f36992d161540", "lessThan": "8c738512714e8c0aa18f8a10c072d5b01c83db39", "versionType": "git"}], "programFiles": ["net/ceph/osdmap.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.9"}, {"status": "unaffected", "version": "0", "lessThan": "3.9", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.248", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.198", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.160", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.120", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.12.64", "versionType": "semver", "lessThanOrEqual": "6.12.*"}, {"status": "unaffected", "version": "6.18.3", "versionType": "semver", "lessThanOrEqual": "6.18.*"}, {"status": "unaffected", "version": "6.19", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/ceph/osdmap.c"], "defaultStatus": "affected"}]}], "published": "2026-01-14T15:16:01.277", "references": [{"url": "https://git.kernel.org/stable/c/145d140abda80e33331c5781d6603014fa75d258", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2acb8517429ab42146c6c0ac1daed1f03d2fd125", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5d0d8c292531fe356c4e94dcfdf7d7212aca9957", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8c738512714e8c0aa18f8a10c072d5b01c83db39", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c82e39ff67353a5a6cbc07b786b8690bd2c45aaa", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d061be4c8040ffb1110d537654a038b8b6ad39d2", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e927ab132b87ba3f076705fc2684d94b24201ed1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: make decode_pool() more resilient against corrupted osdmaps\n\nIf the osdmap is (maliciously) corrupted such that the encoded length\nof ceph_pg_pool envelope is less than what is expected for a particular\nencoding version, out-of-bounds reads may ensue because the only bounds\ncheck that is there is based on that length value.\n\nThis patch adds explicit bounds checks for each field that is decoded\nor skipped."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nlibceph: hacer decode_pool() m\u00e1s resistente contra osdmaps corruptos\n\nSi el osdmap est\u00e1 (maliciosamente) corrupto de tal manera que la longitud codificada del envoltorio ceph_pg_pool es menor de lo que se espera para una versi\u00f3n de codificaci\u00f3n particular, pueden producirse lecturas fuera de l\u00edmites porque la \u00fanica comprobaci\u00f3n de l\u00edmites que existe se basa en ese valor de longitud.\n\nEste parche a\u00f1ade comprobaciones de l\u00edmites expl\u00edcitas para cada campo que se decodifica o se omite."}], "lastModified": "2026-06-17T10:03:41.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32B8D212-DEC8-414B-8730-B7E649522F2F", "versionEndExcluding": "5.10.248", "versionStartIncluding": "3.9.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82159CAA-B6BA-43C6-85D8-65BDBC175A7E", "versionEndExcluding": "5.15.198", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C10CC03E-16A9-428A-B449-40D3763E15F6", "versionEndExcluding": "6.1.160", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43C3A206-5EEE-417B-AA0F-EF8972E7A9F0", "versionEndExcluding": "6.6.120", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32BF4A52-377C-44ED-B5E6-7EA5D896E98B", "versionEndExcluding": "6.12.64", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DC484D8-FB4F-4112-900F-AE333B6FE7A7", "versionEndExcluding": "6.18.3", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "526A1838-B777-4270-82B2-E8BC398CB046"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB5B7DFC-C36B-45D8-922C-877569FDDF43"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}