CVE-2026-43273

ceph: supply snapshot context in ceph_zero_partial_object()

Assigner: Linux
Reserved: 01.05.2026 Published: 06.05.2026 Updated: 06.05.2026

In the Linux kernel, the following vulnerability has been resolved:

ceph: supply snapshot context in ceph_zero_partial_object()

The ceph_zero_partial_object function was missing proper snapshot context for its OSD write operations, which could lead to data inconsistencies in snapshots.

Reproducer: ../src/vstart.sh --new -x --localhost --bluestore ./bin/ceph auth caps client.fs_a mds 'allow rwps fsname=a' mon 'allow r fsname=a' osd 'allow rw tag cephfs data=a' mount -t ceph fs_a@.a=/ /mnt/mycephfs/ -o conf=./ceph.conf dd if=/dev/urandom of=/mnt/mycephfs/foo bs=64K count=1 mkdir /mnt/mycephfs/.snap/snap1 md5sum /mnt/mycephfs/.snap/snap1/foo fallocate -p -o 0 -l 4096 /mnt/mycephfs/foo echo 3 > /proc/sys/vm/drop/caches md5sum /mnt/mycephfs/.snap/snap1/foo # get different md5sum!!

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 36673344b41c31fb502dd0d0113cec1aa96f581e (excl.) affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 5788b742007f53406049bef917833a71ddd43f60 (excl.) affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 757873abfc8ea38592582180aed0f57f0f0cb07a (excl.) affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 9efa154609cdb658f51c7d76b30a09f7e6485250 (excl.) affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 531a76c5a2e44264cee8a70121e63eb28c1ba728 (excl.) affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 69e59a87bab0ea31ab2a584fc65e12dafacf8953 (excl.) affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 4097e70fc543cca72982854108a32f6ae924e727 (excl.) affected from ad7a60de882aca31afb58721db166f7e77afcd92 to f16bd3fa74a2084ee7e16a8a2be7e7399b970907 (excl.)

Vendor

Linux

Product

Linux

Versions

Default: unaffected

affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 36673344b41c31fb502dd0d0113cec1aa96f581e (excl.)
affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 5788b742007f53406049bef917833a71ddd43f60 (excl.)
affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 757873abfc8ea38592582180aed0f57f0f0cb07a (excl.)
affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 9efa154609cdb658f51c7d76b30a09f7e6485250 (excl.)
affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 531a76c5a2e44264cee8a70121e63eb28c1ba728 (excl.)
affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 69e59a87bab0ea31ab2a584fc65e12dafacf8953 (excl.)
affected from ad7a60de882aca31afb58721db166f7e77afcd92 to 4097e70fc543cca72982854108a32f6ae924e727 (excl.)
affected from ad7a60de882aca31afb58721db166f7e77afcd92 to f16bd3fa74a2084ee7e16a8a2be7e7399b970907 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 3.12 is affected unaffected from 0 to 3.12 (excl.) unaffected from 5.10.252 to 5.10.* (incl.) unaffected from 5.15.202 to 5.15.* (incl.) unaffected from 6.1.165 to 6.1.* (incl.) unaffected from 6.6.128 to 6.6.* (incl.) unaffected from 6.12.75 to 6.12.* (incl.) unaffected from 6.18.16 to 6.18.* (incl.) unaffected from 6.19.6 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

Vendor

Linux

Product

Linux

Versions

Default: affected

Version 3.12 is affected
unaffected from 0 to 3.12 (excl.)
unaffected from 5.10.252 to 5.10.* (incl.)
unaffected from 5.15.202 to 5.15.* (incl.)
unaffected from 6.1.165 to 6.1.* (incl.)
unaffected from 6.6.128 to 6.6.* (incl.)
unaffected from 6.12.75 to 6.12.* (incl.)
unaffected from 6.18.16 to 6.18.* (incl.)
unaffected from 6.19.6 to 6.19.* (incl.)
unaffected from 7.0 to * (incl.)

References

CVE-2026-43273 PUBLISHED

ceph: supply snapshot context in ceph_zero_partial_object()

Product Status

References