Bug 2492394 (CVE-2026-52962) - CVE-2026-52962 kernel: ceph: fix a buffer leak in __ceph_setxattr()
Summary: CVE-2026-52962 kernel: ceph: fix a buffer leak in __ceph_setxattr()
Keywords:
Status: NEW
Alias: CVE-2026-52962
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-06-24 18:09 UTC by OSIDB Bzimport
Modified: 2026-06-26 15:05 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-06-24 18:09:41 UTC
In the Linux kernel, the following vulnerability has been resolved:

ceph: fix a buffer leak in __ceph_setxattr()

The old_blob in __ceph_setxattr() can store
ci->i_xattrs.prealloc_blob value during the retry.
However, it is never called the ceph_buffer_put()
for the old_blob object. This patch fixes the issue of
the buffer leak.

Comment 1 Mauro Matteo Cascella 2026-06-26 15:01:22 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026062437-CVE-2026-52962-69b4@gregkh/T


Note You need to log in before you can comment on or make changes to this bug.