CVE-2026-22984
Published: 23 January 2026
Summary
CVE-2026-22984 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 5.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires explicit bounds checking on payload_len in libceph's handle_auth_done() to directly prevent out-of-bounds reads during Ceph authentication.
Mandates timely application of Linux kernel patches that add the missing bounds check to remediate this specific flaw.
Provides kernel memory protections that mitigate the effects of out-of-bounds reads, such as information disclosure or code execution.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated network exploit of Ceph auth handler enabling RCE/info disclosure via OOB read.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ]
Deeper analysis
CVE-2026-22984 is a vulnerability in the Linux kernel's libceph component, specifically in the handle_auth_done() function, where a missing explicit bounds check on payload_len could lead to out-of-bounds reads. This issue, classified under CWE-125 (Out-of-bounds Read), affects systems using the kernel's Ceph filesystem client library and has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.
A remote, unauthenticated attacker with network access can exploit this vulnerability due to its low attack complexity and lack of required privileges or user interaction. Successful exploitation could allow arbitrary out-of-bounds memory reads, potentially leading to information disclosure, code execution, or system crashes, depending on the attacker's crafted payload during Ceph authentication handling.
Mitigation involves applying the relevant stable kernel patches, as detailed in the upstream commit references, including explicit bounds checking on payload_len in handle_auth_done() across multiple stable branches (e.g., commits 194cfe2af4d2, 2802ef3380fa, 2d653bb63d59, 79fe3511db41, and 818156caffbf). Security practitioners should update affected Linux kernels promptly to address this flaw.
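The explicit bounds check on payload_len described above, shown as an added user-space example that is not the kernel's libceph code or the upstream patch. The frame layout and the names `parse_auth_done` and `auth_callout` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical frame layout (assumption, for illustration only):
 *   u64 global_id | u32 con_mode | u32 payload_len | payload[payload_len]
 * All integers are little-endian. */
#define AUTH_DONE_HDR_LEN 16u

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Stand-in for the auth callout: it trusts the length it is handed,
 * so the caller must validate that length first. */
static uint32_t auth_callout(const uint8_t *payload, uint32_t len)
{
    uint32_t sum = 0;
    for (uint32_t i = 0; i < len; i++)
        sum += payload[i];
    return sum;
}

/* Returns 0 and stores the callout result in *out on success,
 * -1 if the header is truncated or payload_len overruns the buffer. */
int parse_auth_done(const uint8_t *buf, size_t buf_len, uint32_t *out)
{
    const uint8_t *p = buf, *end = buf + buf_len;
    uint32_t payload_len;

    if (buf_len < AUTH_DONE_HDR_LEN)
        return -1;
    payload_len = get_le32(p + 12);
    p += AUTH_DONE_HDR_LEN;

    /* The explicit check: compare the peer-supplied length against the
     * bytes that remain. Subtracting pointers (rather than computing
     * p + payload_len) means a huge length cannot wrap the comparison. */
    if (payload_len > (size_t)(end - p))
        return -1;

    *out = auth_callout(p, payload_len);
    return 0;
}
```
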
Details
- CWE(s)