Skip to main content

Linux Kernel CVE-2026-52960

| EUVDEUVD-2026-38828 HIGH
2026-06-24 Linux GHSA-928w-8whm-4cq9
7.5
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Requires local I/O on a CephFS mount (AV:L, PR:L) via a simple write loop (AC:L); leak causes memory exhaustion so impact is availability-only (A:H, C:N, I:N).

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 08:36 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
7.5 (HIGH)
Patch available
Jun 24, 2026 - 18:02 EUVD
CVE Published
Jun 24, 2026 - 16:28 cve.org
HIGH 7.5
CVE Published
Jun 24, 2026 - 16:28 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ceph: put folios not suitable for writeback

The batch holds references to the folios (see filemap_get_folios, folio_batch_release), so we need to folio_put the folios we remove.

Tested on v6.18.

AnalysisAI

Denial of service in the Linux kernel's CephFS (ceph) client allows local users with an active CephFS mount to leak kernel memory by triggering the dirty-page writeback path. The flaw stems from a missing reference release on folios that the writeback batch holds but removes as unsuitable, gradually pinning pages and exhausting kernel memory (CVSS 7.5, availability-only). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local I/O access to a CephFS mount
Delivery
Repeatedly write/dirty files to force writeback
Exploit
Writeback removes unsuitable folios without folio_put
Execution
Folio references leak and pin pages
Impact
Kernel memory exhausted, system DoS

Vulnerability AssessmentAI

Exploitation The affected host must have the Ceph kernel client (CephFS) in use with an active mount, and the attacker must be able to generate dirty-page writeback against it (i.e., perform file writes that route through fs/ceph's writeback path). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed and skew lower than the headline CVSS 7.5 suggests. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user (or a workload/container) on a host with a mounted CephFS repeatedly writes and dirties files to drive the kernel's writeback path over folios the client deems unsuitable for writeback. Each such cycle leaks folio references that pin pages, and over time kernel memory is exhausted, degrading or crashing the system. …
Remediation Patch available per vendor advisory: apply the upstream stable fixes referenced at https://git.kernel.org/stable/c/86921e890fe1dea9791fb70bec552516fd47716a and https://git.kernel.org/stable/c/544576f0f05c4a759806acddfaaeb686f14fb4b0 by updating to the corresponding patched stable kernel from your distribution (the released, distro-tagged patched version is not independently confirmed from the input, so rely on your vendor's backport that cites this CVE). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify and catalog all Linux systems with active CephFS mounts; assess which business services depend on these systems. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-52960 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy