CVE-2026-52962
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
A buffer leak was discovered in the __ceph_setxattr() function in the Ceph filesystem within the Linux kernel. During retries, the old_blob variable stores the ci->i_xattrs.prealloc_blob value but is never freed via ceph_buffer_put(), causing a memory leak.
Risk Assessment
This buffer leak can gradually exhaust kernel memory, leading to system performance degradation or crashes under prolonged operation.
Recommendation
Immediately update the Linux kernel to a version containing the fix that resolves the buffer leak in __ceph_setxattr().
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in __ceph_setxattr() The old_blob in __ceph_setxattr() can store ci->i_xattrs.prealloc_blob value during the retry. However, it is never called the ceph_buffer_put() for the old_blob object. This patch fixes the issue of the buffer leak.

