<Vulnerability name="CVE-2026-43304">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-05-08T00:00:00</PublicDate>
    <Bugzilla id="2468062" url="https://bugzilla.redhat.com/show_bug.cgi?id=2468062" xml:lang="en:us">
kernel: libceph: define and enforce CEPH_MAX_KEY_LEN
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>7.0</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-1284</CWE>
    <Details xml:lang="en:us" source="Mitre">
In the Linux kernel, the following vulnerability has been resolved:

libceph: define and enforce CEPH_MAX_KEY_LEN

When decoding the key, verify that the key material would fit into
a fixed-size buffer in process_auth_done() and generally has a sane
length.

The new CEPH_MAX_KEY_LEN check replaces the existing check for a key
with no key material which is a) not universal since CEPH_CRYPTO_NONE
has to be excluded and b) doesn't provide much value since a smaller
than needed key is just as invalid as no key -- this has to be handled
elsewhere anyway.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in the `libceph` component of the Linux kernel. This vulnerability occurs when the kernel processes authentication keys, specifically in the `process_auth_done()` function, where it fails to properly enforce a maximum length for key material. An attacker could exploit this by providing an overly long key, potentially leading to a buffer overflow. This could result in a denial of service (DoS) or other unpredictable system behavior.
    </Details>
    <Statement xml:lang="en:us">
libceph decoded authentication key material without enforcing the maximum key length expected by the fixed-size session key buffer used in process_auth_done(). A malicious or compromised Ceph monitor endpoint, or an attacker able to tamper with monitor authentication traffic, may provide oversized key material and trigger kernel memory corruption in the client auth path. The CVSS vector uses PR:N because no privileges are required on the victim system once the attacker can influence the remote Ceph auth endpoint. The issue is network reachable in Ceph deployments where monitor traffic is exposed to the attacker, although practical exploitation usually requires access to the storage cluster network or control of a trusted monitor. In most cases the impact is limited to remote denial of service via a kernel crash; confidentiality and integrity impact is a worst-case possibility only.
    </Statement>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:10">
        <ProductName>Red Hat Enterprise Linux 10</ProductName>
        <FixState>Affected</FixState>
        <PackageName>kernel</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:6">
        <ProductName>Red Hat Enterprise Linux 6</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>kernel</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:7">
        <ProductName>Red Hat Enterprise Linux 7</ProductName>
        <FixState>Affected</FixState>
        <PackageName>kernel</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:7">
        <ProductName>Red Hat Enterprise Linux 7</ProductName>
        <FixState>Affected</FixState>
        <PackageName>kernel-rt</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Affected</FixState>
        <PackageName>kernel</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Affected</FixState>
        <PackageName>kernel-rt</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <FixState>Affected</FixState>
        <PackageName>kernel</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <FixState>Affected</FixState>
        <PackageName>kernel-rt</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-43304
https://nvd.nist.gov/vuln/detail/CVE-2026-43304
https://lore.kernel.org/linux-cve-announce/2026050857-CVE-2026-43304-a225@gregkh/T
    </References>
</Vulnerability>