CVE-2025-71116

If the osdmap is (maliciously) corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version, out-of-bounds reads may ensue because the only bounds check that is there is based on that length value.

This patch adds explicit bounds checks for each field that is decoded or skipped.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71116.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

4f6a7e5ee1393ec4b243b39dac9f36992d161540

Fixed

d061be4c8040ffb1110d537654a038b8b6ad39d2

Fixed

145d140abda80e33331c5781d6603014fa75d258

Fixed

c82e39ff67353a5a6cbc07b786b8690bd2c45aaa

Fixed

e927ab132b87ba3f076705fc2684d94b24201ed1

Fixed

5d0d8c292531fe356c4e94dcfdf7d7212aca9957

Fixed

2acb8517429ab42146c6c0ac1daed1f03d2fd125

Fixed

8c738512714e8c0aa18f8a10c072d5b01c83db39

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71116.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.9.0

Fixed

5.10.248

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.198

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.160

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.120

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.64

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71116.json"