CVE-2026-22990 HIGH

CVE-2026-22990: libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

Vendor Linux
Product Linux
Published January 23, 2026
Last update May 11, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the incremental osdmap to be invalid.

Key dates

02Disclosure timeline

January 23, 2026 CVE published
May 11, 2026 Record updated