ceph: fix a buffer leak in __ceph_setxattr()

Summary

CVE	CVE-2026-52962
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-06-24 17:17:06 UTC
Updated	2026-06-24 17:17:06 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in __ceph_setxattr() The old_blob in __ceph_setxattr() can store ci->i_xattrs.prealloc_blob value during the retry. However, it is never called the ceph_buffer_put() for the old_blob object. This patch fixes the issue of the buffer leak.

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 521e5aba857fd267624892c8dd6295f22ce0267e git	Not specified
CNA	Linux	Linux	affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 d0cb994605c84a159c1d00d72cdc8583c321ef95 git	Not specified
CNA	Linux	Linux	affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 ecf94823c5c6a20790bb76ed2816822b0beb0c22 git	Not specified
CNA	Linux	Linux	affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 4bfdcefdaa6092a06cacd59389c7756b36e6de8c git	Not specified
CNA	Linux	Linux	affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 7d3e8d2d648d5f0df29b4710246680f47695fe94 git	Not specified
CNA	Linux	Linux	affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 3fa13ceefbc5f36131110342743994cb3de80637 git	Not specified
CNA	Linux	Linux	affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 bc7abce4460e490dcb579eec770f175b150b685f git	Not specified
CNA	Linux	Linux	affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 5d3cc36b4e77a27ce7b686b7c59c7072bcb3fa8e git	Not specified
CNA	Linux	Linux	affected 5.10.258 semver	Not specified
CNA	Linux	Linux	affected 5.15.209 semver	Not specified
CNA	Linux	Linux	affected 6.1.175 semver	Not specified
CNA	Linux	Linux	affected 6.6.141 semver	Not specified
CNA	Linux	Linux	affected 6.12.91 semver	Not specified
CNA	Linux	Linux	affected 6.18.33 semver	Not specified
CNA	Linux	Linux	affected 7.0.10 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.258 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.209 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.175 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.141 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.91 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.33 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0.10 7.0.* semver	Not specified
CNA	Linux	Linux	unaffected 7.1 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/521e5aba857fd267624892c8dd6295f22ce0267e	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/4bfdcefdaa6092a06cacd59389c7756b36e6de8c	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/d0cb994605c84a159c1d00d72cdc8583c321ef95	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/bc7abce4460e490dcb579eec770f175b150b685f	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/3fa13ceefbc5f36131110342743994cb3de80637	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/ecf94823c5c6a20790bb76ed2816822b0beb0c22	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/7d3e8d2d648d5f0df29b4710246680f47695fe94	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/5d3cc36b4e77a27ce7b686b7c59c7072bcb3fa8e	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.