Skip to main content

Linux Kernel CVE-2026-52962

| EUVDEUVD-2026-38830 HIGH
Out-of-bounds Write (CWE-787)
2026-06-24 Linux GHSA-2p2x-px9w-6j23
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
5.5 MEDIUM

Local low-priv access to a CephFS mount (AV:L/PR:L); a buffer leak causes only memory-exhaustion DoS (A:H) with no confidentiality or integrity impact (C:N/I:N).

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 14, 2026 - 19:53 vuln.today
CVSS changed
Jul 14, 2026 - 16:22 NVD
7.8 (HIGH)
Patch available
Jun 24, 2026 - 18:02 EUVD
CVE Published
Jun 24, 2026 - 16:28 nvd
HIGH 7.8
CVE Published
Jun 24, 2026 - 16:28 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

ceph: fix a buffer leak in __ceph_setxattr()

The old_blob in __ceph_setxattr() can store ci->i_xattrs.prealloc_blob value during the retry. However, it is never called the ceph_buffer_put() for the old_blob object. This patch fixes the issue of the buffer leak.

AnalysisAI

Memory leak in the Linux kernel's Ceph client (CephFS) allows a local, low-privileged user to exhaust kernel buffer memory by repeatedly triggering the retry path in __ceph_setxattr(), where the old_blob holding ci->i_xattrs.prealloc_blob is never released via ceph_buffer_put(). The flaw affects systems mounting CephFS and is addressed by an upstream stable fix; there is no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.18%). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local low-privileged access
Delivery
Reach mounted CephFS filesystem
Exploit
Repeatedly call setxattr forcing retry path
Execution
Leak prealloc_blob buffer each retry
Persist
Exhaust kernel memory
Impact
Denial of service

Vulnerability AssessmentAI

Exploitation Exploitation requires local authenticated access (CVSS PR:L) to a host with the CephFS kernel client and a mounted Ceph filesystem the attacker can issue setxattr operations against; the attacker must repeatedly drive the __ceph_setxattr() retry path so old_blob leaks. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base 7.8) rates high impact, but that C:H/I:H/A:H profile is questionable for what the description characterizes as a memory leak - a leak realistically produces availability degradation (memory exhaustion/DoS) rather than confidentiality or integrity loss, so the 7.8 likely overstates real impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with access to a mounted CephFS repeatedly invokes setxattr in a way that forces the __ceph_setxattr() retry path, leaking a preallocated ceph_buffer on each iteration. Over time this exhausts kernel memory, degrading or crashing the host (denial of service). …
Remediation Vendor-released patch: upgrade to a fixed stable kernel - 5.10.258, 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, or 7.0.10 or later on the corresponding branch (apply your distribution's backported kernel update). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: identify and inventory all systems running CephFS and document their current kernel and Ceph versions to determine exposure. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-52962 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy