CVE-2026-43419

EUVD-2026-28725
In the Linux kernel, the following vulnerability has been resolved:

ceph: fix memory leaks in ceph_mdsc_build_path()

Add __putname() calls to error code paths that did not free the "path"
pointer obtained by __getname().  If ownership of this pointer is not
passed to the caller via path_info.path, the function must free it
before returning.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
6.19.14-1
fixed
sid
7.0.4-1
fixed
trixie
vulnerable
trixie (security)
6.12.86-1
fixed
References
https://git.kernel.org/stable/c/040d159a45ded7f33201421a81df0aa2a86e5a0b
https://git.kernel.org/stable/c/097cd68f46686391a98f2618188f0cb7b7570de2
https://git.kernel.org/stable/c/13b8b9d6f59ef17fb96c298c3a0d62a8306950cc
https://git.kernel.org/stable/c/5895d0164c84d7fec6abc198920c257f55c51899
https://git.kernel.org/stable/c/657dc653b06a3cc0282aea447a3f137fa94066a4