Description
In the Linux kernel, the following vulnerability has been resolved:

libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

If the osdmap is (maliciously) corrupted such that the incremental
osdmap epoch is different from what is expected, there is no need to
BUG. Instead, just declare the incremental osdmap to be invalid.
Published: 2026-01-23
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via kernel panic from corrupted Ceph osdmap data
Action: Update Kernel
AI Analysis

Impact

A flaw in the Linux kernel's libceph module allowed an attacker to supply a malicious incremental osdmap epoch that would trigger a BUG_ON, causing an unexpected kernel panic. The issue was addressed by changing the code to detect the invalid epoch and simply mark the osdmap as invalid instead of crashing, thereby removing the denial‑of‑service vector. The weakness is a logic error that was previously triggered by unsanitized input, identified as CWE‑617. The primary impact is a loss of availability for the affected host, with no known confidentiality or integrity compromise.

Affected Systems

The vulnerability applies to all Linux kernel releases prior to the patch that introduced the change in osdmap_apply_incremental(). The CPE list includes many kernel versions, but the exact impacted releases are not specified. Users of any Linux distribution that contains an unpatched kernel containing the libceph module are potentially affected.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score of less than 1% signifies a very low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need to supply a malformed Ceph osdmap to the kernel, which can be done via Ceph client or control plane interactions; therefore the attack vector is likely local or remote through malicious Ceph traffic. The patched version eliminates the crash, so the remaining risk is limited to availability degradation on systems that cannot be updated quickly.

Generated by OpenCVE AI on April 18, 2026 at 15:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the libceph osdmap_apply_incremental patch
  • Configure Ceph cluster to require authentication and enforce epoch consistency checks to prevent malformed osdmap injections
  • Monitor kernel logs for BUG_ON or panic events and set up alerts for unexpected osdmap updates

Generated by OpenCVE AI on April 18, 2026 at 15:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4475-1 linux security update
Debian DLA Debian DLA DLA-4476-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6126-1 linux security update
Debian DSA Debian DSA DSA-6127-1 linux security update
Ubuntu USN Ubuntu USN USN-8096-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8096-2 Linux kernel (FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8096-3 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8096-4 Linux kernel (Real-time) vulnerabilities
Ubuntu USN Ubuntu USN USN-8096-5 Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Ubuntu USN Ubuntu USN USN-8116-1 Linux kernel (Intel IoTG Real-time) vulnerabilities
Ubuntu USN Ubuntu USN USN-8141-1 Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN Ubuntu USN USN-8163-1 Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8163-2 Linux kernel (Azure) vulnerabilities
History

Thu, 26 Feb 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-617
CPEs cpe:2.3:o:linux:linux_kernel:2.6.34:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.34:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.34:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.34:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.34:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.34:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.34:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 24 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Fri, 23 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the incremental osdmap to be invalid.
Title libceph: replace overzealous BUG_ON in osdmap_apply_incremental()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:36:41.367Z

Reserved: 2026-01-13T15:37:45.937Z

Link: CVE-2026-22990

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-01-23T16:15:55.077

Modified: 2026-02-26T17:22:52.020

Link: CVE-2026-22990

cve-icon Redhat

Severity : Important

Publid Date: 2026-01-23T00:00:00Z

Links: CVE-2026-22990 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T15:15:03Z

Weaknesses