CVE-2026-23136— libceph: reset sparse-read state in osd_fault()
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-23136
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
libceph: reset sparse-read state in osd_fault()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a separate state machine, largely independent of the messenger's state. If a connection is lost mid-payload or the sparse-read state machine returns an error, the sparse-read state is not reset. The OSD client will then interpret the beginning of a new reply as the continuation of the old one. If this makes the sparse-read machinery enter a failure state, it may never recover, producing loops like: libceph: [0] got 0 extents libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read Therefore, reset the sparse-read state in osd_fault(), ensuring retries start from a clean state.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于osd_fault函数未重置稀疏读取状态,可能导致连接故障后状态机错误和数据解析失败。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-23136
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-23136
请登录查看更多情报信息。
Same Patch Batch · Linux · 2026-02-14 · 108 CVEs total
| CVE-2026-23193 | 8.8 HIGH | scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() |
| CVE-2026-23172 | 8.4 HIGH | net: wwan: t7xx: fix potential skb->frags overflow in RX path |
| CVE-2026-23209 | 7.8 HIGH | macvlan: fix error recovery in macvlan_common_newlink() |
| CVE-2026-23178 | 7.8 HIGH | HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() |
| CVE-2026-23184 | 7.8 HIGH | binder: fix UAF in binder_netlink_report() |
| CVE-2026-23185 | 7.8 HIGH | wifi: iwlwifi: mld: cancel mlo_scan_start_wk |
| CVE-2026-23171 | 7.8 HIGH | bonding: fix use-after-free due to enslave fail after slave array update |
| CVE-2026-23169 | 7.8 HIGH | mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() |
| CVE-2026-23191 | 7.8 HIGH | ALSA: aloop: Fix racy access at PCM trigger |
| CVE-2026-23192 | 7.8 HIGH | linkwatch: use __dev_put() in callers to prevent UAF |
| CVE-2026-23198 | 7.8 HIGH | KVM: Don't clobber irqfd routing type when deassigning irqfd |
| CVE-2026-23148 | 7.5 HIGH | nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference |
| CVE-2026-23139 | 7.5 HIGH | netfilter: nf_conncount: update last_gc only when GC has been performed |
| CVE-2026-23161 | 7.3 HIGH | mm/shmem, swap: fix race of truncate and swap entry split |
| CVE-2026-23204 | 7.1 HIGH | net/sched: cls_u32: use skb_header_pointer_careful() |
| CVE-2026-23195 | 7.0 HIGH | cgroup/dmem: avoid pool UAF |
| CVE-2026-23180 | 7.0 HIGH | dpaa2-switch: add bounds check for if_id in IRQ handler |
| CVE-2026-23175 | 7.0 HIGH | net: cpsw: Execute ndo_set_rx_mode callback in a work queue |
| CVE-2026-23142 | mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure | |
| CVE-2026-23141 | btrfs: send: check for inline extents in range_is_hole_in_parent() |
Showing top 20 of 108 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2026-23136
No comments yet