2461639 – (CVE-2026-41907) CVE-2026-41907 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

Bug 2461639 (CVE-2026-41907) - CVE-2026-41907 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

Summary: CVE-2026-41907 uuid: uuid: Out-of-bounds write vulnerability impacts data int...

Keywords:
Status:	NEW
Alias:	CVE-2026-41907
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-24 19:03 UTC by OSIDB Bzimport
Modified:	2026-05-07 16:56 UTC (History)
CC List:	165 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-24 19:03:06 UTC

uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0.

Note You need to log in before you can comment on or make changes to this bug.

aadhikar
aazores
abarbaro
abrianik
abuckta
adudiak
alcohan
alizardo
amctagga
anjoseph
anpicker
anthomas
aoconnor
asoldano
bbaranow
bbrownin
bdettelb
bmaxwell
bniver
bparees
brasmith
bsmejkal
bstansbe
caswilli
cdrage
chfoley
cmah
cmyers
cochase
dhanak
dkuc
dlofthou
dnakabaa
doconnor
dranck
drosa
dschmidt
dsimansk
dymurray
eaguilar
ebaron
ehelms
erezende
ewittman
fdeutsch
flucifre
ggainey
ggrzybek
gmalinko
gmeno
gotiwari
gparvin
groman
hasun
ibek
ibolton
istudens
ivassile
iweiss
jachapma
janstey
jbalunas
jchui
jfula
jgrulich
jhe
jhorak
jkoehler
jlanda
jmatthew
jmontleo
jolong
jowilson
jprabhak
jraez
jrokos
juwatts
jwong
kaycoth
kingland
kshier
ktsao
kverlaen
lchilton
lcouzens
lphiri
manissin
mbarnett
mbenjamin
mhackett
mhulan
mnovotny
mosmerov
mreynolds
mstipich
msvehla
mvyas
nboldt
nipatil
nmoumoul
nwallace
nyancey
oaljalju
omaciel
ometelka
orabin
oramraz
osousa
pahickey
pantinor
parichar
pberan
pcreech
pdelbell
pesilva
pgaikwad
pjindal
pmackay
progier
psrna
ptisnovs
rchan
rexwhite
rgodfrey
rhaigner
rhel-process-autobot
rjohnson
rkubis
rstancel
rstepani
rushinde
sausingh
sdawley
sdoran
sfeifer
simaishi
slucidi
smaestri
smallamp
smcdonal
smullick
snegrini
sostapov
spichugi
sseago
stcannon
sthirugn
stirabos
swoodman
syedriko
tasato
tbordaz
teagle
thason
thjenkin
tmalecek
tpopela
ttakamiy
vashirov
vdosoudi
vereddy
watson-tool-maintainers
wtam
xdharmai
yguenane