CVE-2026-22990

Published Jan 23, 2026

Last updated 2 months ago

CVSS medium 5.5

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the incremental osdmap to be invalid.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed
Products: linux_kernel

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-617

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "40C41FEA-994B-4964-8F5A-C7E2E24BBC05",
            "versionEndExcluding": "5.10.248",
            "versionStartIncluding": "2.6.34.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "82159CAA-B6BA-43C6-85D8-65BDBC175A7E",
            "versionEndExcluding": "5.15.198",
            "versionStartIncluding": "5.11",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E135B7E2-61FC-4DC1-8570-ABD67894FFDE",
            "versionEndExcluding": "6.1.161",
            "versionStartIncluding": "5.16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BB7A164B-7422-4A1C-82FB-5FCAEE53C06C",
            "versionEndExcluding": "6.6.121",
            "versionStartIncluding": "6.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F72B884C-B44F-40E4-9895-CE421AC663D0",
            "versionEndExcluding": "6.12.66",
            "versionStartIncluding": "6.7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "879529BC-5B4C-4EBE-BF1D-1A31404A8B2E",
            "versionEndExcluding": "6.18.6",
            "versionStartIncluding": "6.13",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:-:*:*:*:*:*:*",
            "matchCriteriaId": "A3B1BC1D-ED46-4364-A1D9-1FA74182B03A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:rc2:*:*:*:*:*:*",
            "matchCriteriaId": "86D3F64C-3F27-43E0-B0D4-62CE1E1F4EFB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:rc3:*:*:*:*:*:*",
            "matchCriteriaId": "7927713B-5EB0-41EB-86A9-9935775162E0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:rc4:*:*:*:*:*:*",
            "matchCriteriaId": "59037296-3143-4FBB-AFF7-D4FE2C85502F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:rc5:*:*:*:*:*:*",
            "matchCriteriaId": "9CA27FD5-7DBF-4C85-80A9-D523B2E4B033",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:rc6:*:*:*:*:*:*",
            "matchCriteriaId": "9711E333-A8E7-4F4B-BCFD-2023E889651A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.34:rc7:*:*:*:*:*:*",
            "matchCriteriaId": "E04D3358-973B-42A1-8E08-2E3AE947193C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*",
            "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*",
            "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*",
            "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References