CVE-2026-43408: In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initial
Summary
A vulnerability in the Linux kernel's Ceph file system code causes crashes because some callers of ceph_mdsc_build_path() did not initialize the ceph_path_info structure (a container holding file path information) that they pass in. When ceph_mdsc_free_path_info() later tries to clean up this uninitialized data, it can crash the kernel or potentially be exploited.
Solution / Mitigation
Add zero-initializers for the ceph_path_info parameters in all ceph_mdsc_build_path() callers that were missing them. The fix initializes the structure everywhere it is used, so that it is zeroed out before being passed to ceph_mdsc_build_path().
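A userspace C model of the failure mode and the fix described above (an added example, not kernel code and not the patch itself). The struct layout, the `_model` names, and the early-return error path that leaves the struct unwritten are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model. Struct layout and names are assumptions, not kernel code. */
struct path_info_model { char *path; int pathlen; };

static char *last_alloc;  /* instrumentation: the only pointer cleanup may free */

/* Builder: on an early error it returns without writing *pi (assumed). */
static int build_path_model(const char *src, struct path_info_model *pi)
{
    if (src == NULL)
        return -1;
    pi->pathlen = (int)strlen(src);
    pi->path = last_alloc = malloc((size_t)pi->pathlen + 1);
    if (pi->path == NULL)
        return -1;
    memcpy(pi->path, src, (size_t)pi->pathlen + 1);
    return 0;
}

/* Cleanup: 0 = nothing to free, 1 = freed a real buffer, -1 = stale pointer. */
static int free_path_info_model(struct path_info_model *pi)
{
    if (pi->path == NULL)
        return 0;
    if (pi->path != last_alloc)
        return -1;   /* a real free() here would act on stack garbage */
    free(pi->path);
    last_alloc = NULL;
    return 1;
}

/* Caller that always runs cleanup, with or without the zero-initializer. */
static int caller(const char *src, int zero_init)
{
    struct path_info_model pi;
    /* 0xAA stands in for stale stack bytes; 0 is the effect of `= {0}`. */
    memset(&pi, zero_init ? 0 : 0xAA, sizeof pi);
    (void)build_path_model(src, &pi);
    return free_path_info_model(&pi);
}

int main(void)
{
    printf("error path, no init:   %d\n", caller(NULL, 0));
    printf("error path, zero init: %d\n", caller(NULL, 1));
    printf("success, zero init:    %d\n", caller("/dir/file", 1));
    return 0;
}
```

Building with `-Wall -Wextra` or running callers under a memory sanitizer is a practical way to catch the same uninitialized-struct pattern in other code.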
Vulnerability Details
EPSS: 0.0%
May 8, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-43408
First tracked: May 8, 2026 at 02:11 PM
Classified by LLM (prompt v3) · confidence: 95%