CVE-2026-22990
Published: January 24, 2026Last modified: January 24, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the incremental osdmap to be invalid.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.161-r0) |
| 25 LTS | linux-lts | Fixed (6.12.66-r0) | |
| Stream | linux-lts | Fixed (6.12.66-r0) |
References
- https://git.kernel.org/stable/c/4b106fbb1c7b841cd402abd83eb2447164c799ea
- https://git.kernel.org/stable/c/6348d70af847b79805374fe628d3809a63fd7df3
- https://git.kernel.org/stable/c/6afd2a4213524bc742b709599a3663aeaf77193c
- https://git.kernel.org/stable/c/6c6cec3db3b418c4fdf815731bc39e46dff75e1b
- https://git.kernel.org/stable/c/9aa0b0c14cefece078286d78b97d4c09685e372d
- https://git.kernel.org/stable/c/d3613770e2677683e65d062da5e31f48c409abe9
- https://git.kernel.org/stable/c/e00c3f71b5cf75681dbd74ee3f982a99cb690c2b