CVE-2026-22990— libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

CVSS 7.5 · High EPSS 0.02% · P5 Updated May 15, 2026

Possible ATT&CK Techniques 2AI

T1059 · Command and Scripting Interpreter T1499 · Endpoint Denial of Service

Affected Version Matrix 16

Vendor	Product	Version Range	Status
Linux	Linux	`f24e9980eb860d8600cbe5ef3d2fd9295320d229< 9aa0b0c14cefece078286d78b97d4c09685e372d`	affected
		`f24e9980eb860d8600cbe5ef3d2fd9295320d229< 4b106fbb1c7b841cd402abd83eb2447164c799ea`	affected
		`f24e9980eb860d8600cbe5ef3d2fd9295320d229< 6afd2a4213524bc742b709599a3663aeaf77193c`	affected
		`f24e9980eb860d8600cbe5ef3d2fd9295320d229< d3613770e2677683e65d062da5e31f48c409abe9`	affected
		`f24e9980eb860d8600cbe5ef3d2fd9295320d229< 6c6cec3db3b418c4fdf815731bc39e46dff75e1b`	affected
		`f24e9980eb860d8600cbe5ef3d2fd9295320d229< 6348d70af847b79805374fe628d3809a63fd7df3`	affected
		`f24e9980eb860d8600cbe5ef3d2fd9295320d229< e00c3f71b5cf75681dbd74ee3f982a99cb690c2b`	affected
		`2.6.34`	affected
… +8 more rows

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-22990

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

Source: NVD (National Vulnerability Database)

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the incremental osdmap to be invalid.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Linux kernel 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞，该漏洞源于osdmap_apply_incremental存在过于严格的BUG_ON断言，可能导致崩溃。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Linux	Linux	f24e9980eb860d8600cbe5ef3d2fd9295320d229 ~ 9aa0b0c14cefece078286d78b97d4c09685e372d	-
Linux	Linux	2.6.34	-

II. Public POCs for CVE-2026-22990

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-22990

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2026-22990

Same Patch Batch · Linux · 2026-01-23 · 34 CVEs total

CVE-2026-22984	9.8 CRITICAL	libceph: prevent potential out-of-bounds reads in handle_auth_done()
CVE-2026-22980	7.8 HIGH	nfsd: provide locking for v4_end_grace
CVE-2026-22988	7.8 HIGH	arp: do not assume dev_hard_header() does not change skb->head
CVE-2026-22992	7.5 HIGH	libceph: return the handler error from mon_handle_auth_done()
CVE-2026-22991	7.5 HIGH	libceph: make free_choose_arg_map() resilient to partial allocation
CVE-2026-22987		net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy
CVE-2026-22979		net: fix memory leak in skb_segment_list for GRO packets
CVE-2026-22981		idpf: detach and close netdevs while handling a reset
CVE-2026-22982		net: mscc: ocelot: Fix crash when adding interface under a lag
CVE-2026-22983		net: do not write to msg_get_inq in callee
CVE-2026-22985		idpf: Fix RSS LUT NULL pointer crash on early ethtool operations
CVE-2026-22986		gpiolib: fix race condition for gdev->srcu
CVE-2026-22978		wifi: avoid kernel-infoleak from struct iw_point
CVE-2026-22989		nfsd: check that server is running in unlock_filesystem
CVE-2026-22993		idpf: Fix RSS LUT NULL ptr issue after soft reset
CVE-2026-22994		bpf: Fix reference count leak in bpf_prog_test_run_xdp()
CVE-2026-22995		ublk: fix use-after-free in ublk_partition_scan_work
CVE-2025-71145		usb: phy: isp1301: fix non-OF device reference imbalance
CVE-2025-71161		dm-verity: disable recursive forward error correction
CVE-2025-71160		netfilter: nf_tables: avoid chain re-validation if possible

Showing top 20 of 34 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux

Same vendor: Linux

V. Comments for CVE-2026-22990

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-22990— libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

Possible ATT&CK Techniques 2AI

Affected Version Matrix 16

I. Basic Information for CVE-2026-22990

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-22990

III. Intelligence Information for CVE-2026-22990

Same Patch Batch · Linux · 2026-01-23 · 34 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-22990

Leave a comment