ceph: fix a buffer leak in __ceph_setxattr()

Summary

CVECVE-2026-52962
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-06-24 17:17:06 UTC
Updated2026-07-14 16:18:32 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in __ceph_setxattr() The old_blob in __ceph_setxattr() can store ci->i_xattrs.prealloc_blob value during the retry. However, it is never called the ceph_buffer_put() for the old_blob object. This patch fixes the issue of the buffer leak.

Risk And Classification

Primary CVSS: v3.1 7.8 HIGH from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001840000 probability, percentile 0.081740000 (date 2026-07-13)

Problem Types: CWE-787

CVSS v3.1 Breakdown

Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Linux Linux Kernel All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 86968ef21596515958d5f0a40233d02be78ecec0 521e5aba857fd267624892c8dd6295f22ce0267e git Not specified
CNA Linux Linux affected 86968ef21596515958d5f0a40233d02be78ecec0 d0cb994605c84a159c1d00d72cdc8583c321ef95 git Not specified
CNA Linux Linux affected 86968ef21596515958d5f0a40233d02be78ecec0 ecf94823c5c6a20790bb76ed2816822b0beb0c22 git Not specified
CNA Linux Linux affected 86968ef21596515958d5f0a40233d02be78ecec0 4bfdcefdaa6092a06cacd59389c7756b36e6de8c git Not specified
CNA Linux Linux affected 86968ef21596515958d5f0a40233d02be78ecec0 7d3e8d2d648d5f0df29b4710246680f47695fe94 git Not specified
CNA Linux Linux affected 86968ef21596515958d5f0a40233d02be78ecec0 3fa13ceefbc5f36131110342743994cb3de80637 git Not specified
CNA Linux Linux affected 86968ef21596515958d5f0a40233d02be78ecec0 bc7abce4460e490dcb579eec770f175b150b685f git Not specified
CNA Linux Linux affected 86968ef21596515958d5f0a40233d02be78ecec0 5d3cc36b4e77a27ce7b686b7c59c7072bcb3fa8e git Not specified
CNA Linux Linux affected 1d86cb8d3204337e1853b84d69ea0f30dc0ba973 git Not specified
CNA Linux Linux affected 9cec64d3f6d91da590cc4069172254067b43d0b2 git Not specified
CNA Linux Linux affected de30fc2ca852365ed635f62d7d818bffc15e55c9 git Not specified
CNA Linux Linux affected dfb8712c7acce0689aed6c400a22b35f4d2861fe git Not specified
CNA Linux Linux affected f41cd559f1f3412db8e0acdede05ecf990ebfd8a git Not specified
CNA Linux Linux affected 4.4.192 4.5 semver Not specified
CNA Linux Linux affected 4.9.192 4.10 semver Not specified
CNA Linux Linux affected 4.14.143 4.15 semver Not specified
CNA Linux Linux affected 4.19.72 4.20 semver Not specified
CNA Linux Linux affected 5.2.14 5.3 semver Not specified
CNA Linux Linux affected 5.3 Not specified
CNA Linux Linux unaffected 5.3 semver Not specified
CNA Linux Linux unaffected 5.10.258 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.209 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.175 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.141 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.91 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.33 6.18.* semver Not specified
CNA Linux Linux unaffected 7.0.10 7.0.* semver Not specified
CNA Linux Linux unaffected 7.1 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/521e5aba857fd267624892c8dd6295f22ce0267e 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/4bfdcefdaa6092a06cacd59389c7756b36e6de8c 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/d0cb994605c84a159c1d00d72cdc8583c321ef95 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/bc7abce4460e490dcb579eec770f175b150b685f 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/3fa13ceefbc5f36131110342743994cb3de80637 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/ecf94823c5c6a20790bb76ed2816822b0beb0c22 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/7d3e8d2d648d5f0df29b4710246680f47695fe94 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/5d3cc36b4e77a27ce7b686b7c59c7072bcb3fa8e 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report