CVE-2026-22990

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the incremental osdmap to be invalid.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/4b106fbb1c7b841cd402abd83eb2447164c799ea	Patch
https://git.kernel.org/stable/c/6348d70af847b79805374fe628d3809a63fd7df3	Patch
https://git.kernel.org/stable/c/6afd2a4213524bc742b709599a3663aeaf77193c	Patch
https://git.kernel.org/stable/c/6c6cec3db3b418c4fdf815731bc39e46dff75e1b	Patch
https://git.kernel.org/stable/c/9aa0b0c14cefece078286d78b97d4c09685e372d	Patch
https://git.kernel.org/stable/c/d3613770e2677683e65d062da5e31f48c409abe9	Patch
https://git.kernel.org/stable/c/e00c3f71b5cf75681dbd74ee3f982a99cb690c2b	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.34:-::::::
	cpe:2.3:o:linux:linux_kernel:2.6.34:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.34:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.34:rc4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.34:rc5::::::
	cpe:2.3:o:linux:linux_kernel:2.6.34:rc6::::::
	cpe:2.3:o:linux:linux_kernel:2.6.34:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::

History

27 Apr 2026, 14:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : 7.5
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: libceph: reemplazar el BUG_ON excesivo en osdmap_apply_incremental() Si el osdmap está (maliciosamente) corrupto de tal manera que la época del osdmap incremental es diferente de lo que se espera, no hay necesidad de BUG. En su lugar, simplemente declarar el osdmap incremental como inválido.

26 Feb 2026, 17:22

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/4b106fbb1c7b841cd402abd83eb2447164c799ea -~~	() https://git.kernel.org/stable/c/4b106fbb1c7b841cd402abd83eb2447164c799ea - Patch
References	~~() https://git.kernel.org/stable/c/6348d70af847b79805374fe628d3809a63fd7df3 -~~	() https://git.kernel.org/stable/c/6348d70af847b79805374fe628d3809a63fd7df3 - Patch
References	~~() https://git.kernel.org/stable/c/6afd2a4213524bc742b709599a3663aeaf77193c -~~	() https://git.kernel.org/stable/c/6afd2a4213524bc742b709599a3663aeaf77193c - Patch
References	~~() https://git.kernel.org/stable/c/6c6cec3db3b418c4fdf815731bc39e46dff75e1b -~~	() https://git.kernel.org/stable/c/6c6cec3db3b418c4fdf815731bc39e46dff75e1b - Patch
References	~~() https://git.kernel.org/stable/c/9aa0b0c14cefece078286d78b97d4c09685e372d -~~	() https://git.kernel.org/stable/c/9aa0b0c14cefece078286d78b97d4c09685e372d - Patch
References	~~() https://git.kernel.org/stable/c/d3613770e2677683e65d062da5e31f48c409abe9 -~~	() https://git.kernel.org/stable/c/d3613770e2677683e65d062da5e31f48c409abe9 - Patch
References	~~() https://git.kernel.org/stable/c/e00c3f71b5cf75681dbd74ee3f982a99cb690c2b -~~	() https://git.kernel.org/stable/c/e00c3f71b5cf75681dbd74ee3f982a99cb690c2b - Patch
CWE		CWE-617
CPE		cpe:2.3:o:linux:linux_kernel:2.6.34:rc7:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.34:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.34:-:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.34:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.34:rc6:::::: cpe:2.3:o:linux:linux_kernel:2.6.34:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.34:rc5::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel

23 Jan 2026, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-23 16:15

Updated : 2026-04-27 14:16

NVD link : CVE-2026-22990

Mitre link : CVE-2026-22990

CVE.ORG link : CVE-2026-22990

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-617

Reachable Assertion

7.5 /10