Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-43304

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-08 May, 2026 | 13:11
Updated At-11 May, 2026 | 22:21
Rejected At-
Credits

libceph: define and enforce CEPH_MAX_KEY_LEN

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new CEPH_MAX_KEY_LEN check replaces the existing check for a key with no key material which is a) not universal since CEPH_CRYPTO_NONE has to be excluded and b) doesn't provide much value since a smaller than needed key is just as invalid as no key -- this has to be handled elsewhere anyway.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:08 May, 2026 | 13:11
Updated At:11 May, 2026 | 22:21
Rejected At:
▼CVE Numbering Authority (CNA)
libceph: define and enforce CEPH_MAX_KEY_LEN

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new CEPH_MAX_KEY_LEN check replaces the existing check for a key with no key material which is a) not universal since CEPH_CRYPTO_NONE has to be excluded and b) doesn't provide much value since a smaller than needed key is just as invalid as no key -- this has to be handled elsewhere anyway.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ceph/crypto.c
  • net/ceph/crypto.h
  • net/ceph/messenger_v2.c
Default Status
unaffected
Versions
Affected
  • From cd1a677cad994021b19665ed476aea63f5d54f31 before 6405e8c680974bb74e2c98d5249fb52c7b12a6c6 (git)
  • From cd1a677cad994021b19665ed476aea63f5d54f31 before 8d745d38c88ecbed95f6b2b39857bf89f35a3244 (git)
  • From cd1a677cad994021b19665ed476aea63f5d54f31 before e1dc45d97975f9db65694d234fbddf1915176e16 (git)
  • From cd1a677cad994021b19665ed476aea63f5d54f31 before 1b275bd49e58752efb83767a5d1aed41356c5e64 (git)
  • From cd1a677cad994021b19665ed476aea63f5d54f31 before c1a0f5f1e5e7e98c36a362ec3d1fcfd9932931ed (git)
  • From cd1a677cad994021b19665ed476aea63f5d54f31 before d82467c07b03a27c3c5469b62bb3b726305a80bb (git)
  • From cd1a677cad994021b19665ed476aea63f5d54f31 before ac431d597a9bdfc2ba6b314813f29a6ef2b4a3bf (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ceph/crypto.c
  • net/ceph/crypto.h
  • net/ceph/messenger_v2.c
Default Status
affected
Versions
Affected
  • 5.11
Unaffected
  • From 0 before 5.11 (semver)
  • From 5.15.202 through 5.15.* (semver)
  • From 6.1.165 through 6.1.* (semver)
  • From 6.6.128 through 6.6.* (semver)
  • From 6.12.75 through 6.12.* (semver)
  • From 6.18.16 through 6.18.* (semver)
  • From 6.19.6 through 6.19.* (semver)
  • From 7.0 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/6405e8c680974bb74e2c98d5249fb52c7b12a6c6
N/A
https://git.kernel.org/stable/c/8d745d38c88ecbed95f6b2b39857bf89f35a3244
N/A
https://git.kernel.org/stable/c/e1dc45d97975f9db65694d234fbddf1915176e16
N/A
https://git.kernel.org/stable/c/1b275bd49e58752efb83767a5d1aed41356c5e64
N/A
https://git.kernel.org/stable/c/c1a0f5f1e5e7e98c36a362ec3d1fcfd9932931ed
N/A
https://git.kernel.org/stable/c/d82467c07b03a27c3c5469b62bb3b726305a80bb
N/A
https://git.kernel.org/stable/c/ac431d597a9bdfc2ba6b314813f29a6ef2b4a3bf
N/A
Hyperlink: https://git.kernel.org/stable/c/6405e8c680974bb74e2c98d5249fb52c7b12a6c6
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/8d745d38c88ecbed95f6b2b39857bf89f35a3244
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/e1dc45d97975f9db65694d234fbddf1915176e16
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/1b275bd49e58752efb83767a5d1aed41356c5e64
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/c1a0f5f1e5e7e98c36a362ec3d1fcfd9932931ed
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/d82467c07b03a27c3c5469b62bb3b726305a80bb
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/ac431d597a9bdfc2ba6b314813f29a6ef2b4a3bf
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:08 May, 2026 | 14:16
Updated At:15 May, 2026 | 13:25

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new CEPH_MAX_KEY_LEN check replaces the existing check for a key with no key material which is a) not universal since CEPH_CRYPTO_NONE has to be excluded and b) doesn't provide much value since a smaller than needed key is just as invalid as no key -- this has to be handled elsewhere anyway.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.11(inclusive) to 5.15.202(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.16(inclusive) to 6.1.165(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.2(inclusive) to 6.6.128(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.7(inclusive) to 6.12.75(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.13(inclusive) to 6.18.16(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.19(inclusive) to 6.19.6(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/1b275bd49e58752efb83767a5d1aed41356c5e64416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/6405e8c680974bb74e2c98d5249fb52c7b12a6c6416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/8d745d38c88ecbed95f6b2b39857bf89f35a3244416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/ac431d597a9bdfc2ba6b314813f29a6ef2b4a3bf416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/c1a0f5f1e5e7e98c36a362ec3d1fcfd9932931ed416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/d82467c07b03a27c3c5469b62bb3b726305a80bb416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/e1dc45d97975f9db65694d234fbddf1915176e16416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Hyperlink: https://git.kernel.org/stable/c/1b275bd49e58752efb83767a5d1aed41356c5e64
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/6405e8c680974bb74e2c98d5249fb52c7b12a6c6
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/8d745d38c88ecbed95f6b2b39857bf89f35a3244
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/ac431d597a9bdfc2ba6b314813f29a6ef2b4a3bf
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/c1a0f5f1e5e7e98c36a362ec3d1fcfd9932931ed
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/d82467c07b03a27c3c5469b62bb3b726305a80bb
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/e1dc45d97975f9db65694d234fbddf1915176e16
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

252Records found
CVE-2015-5123
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-41.00% / 97.43%
||
7 Day CHG~0.00%
Published-14 Jul, 2015 | 10:00
Updated-21 Apr, 2026 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-04||The impacted product is end-of-life and should be disconnected if still in use.

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

Action-Not Available
Vendor-n/aApple Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Microsoft CorporationAdobe Inc.
Product-evergreenlinux_enterprise_desktopenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopenterprise_linux_server_euswindowsflash_playermacosflash_player_desktop_runtimelinux_kernellinux_enterprise_workstation_extensionn/aFlash Player
CWE ID-CWE-416
Use After Free
CVE-2022-22487
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 16:25
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixspectrum_protect_serverwindowslinux_kernelSpectrum Protect Server
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found