Cyber Resilience

CVE-2026-22984

Critical

Published: 23 January 2026

Modified: 27 April 2026
KEV Added: not listed
Patch: available (see Deeper analysis)
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0035 (26.9th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-22984 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel (vendor: Linux). Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score ranks it at the 26.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-22984 is a vulnerability in the Linux kernel's libceph component, specifically in the handle_auth_done() function, where a missing explicit bounds check on payload_len could lead to out-of-bounds reads. This issue, classified under CWE-125 (Out-of-bounds Read), affects systems using the kernel's Ceph filesystem client library and has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.

A remote, unauthenticated attacker with network access can exploit this vulnerability due to its low attack complexity and lack of required privileges or user interaction. Successful exploitation could allow arbitrary out-of-bounds memory reads, potentially leading to information disclosure, code execution, or system crashes, depending on the attacker's crafted payload during Ceph authentication handling.

Mitigation involves applying the relevant stable kernel patches, as detailed in the upstream commit references, including explicit bounds checking on payload_len in handle_auth_done() across multiple stable branches (e.g., commits 194cfe2af4d2, 2802ef3380fa, 2d653bb63d59, 79fe3511db41, and 818156caffbf). Security practitioners should update affected Linux kernels promptly to address this flaw.
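The shape of the check described above, as an added illustration that is not libceph's code: a hypothetical decoder for a length-prefixed auth-done frame that validates payload_len against the bytes actually remaining before handing the payload to a callout. The frame layout, little-endian field encoding and function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified auth-done frame used for this illustration
 * (not libceph's real layout): 8-byte global_id, 4-byte con_mode,
 * 4-byte payload_len, then payload_len bytes of payload. Integers are
 * assumed little-endian and memcpy'd out of the buffer. */
#define AUTH_DONE_HDR_LEN (8 + 4 + 4)

/* Stand-in for the callout that consumes the payload; it sums the bytes
 * so a caller can observe exactly how many were read. */
static int auth_done_callout(const uint8_t *payload, size_t payload_len,
                             uint32_t *sum)
{
    uint32_t s = 0;
    size_t i;

    for (i = 0; i < payload_len; i++)
        s += payload[i];
    *sum = s;
    return 0;
}

/* Hardened decoder: the header is checked against the buffer before any
 * field is read, and payload_len is checked against the bytes that remain
 * before the callout ever touches the payload. Returns 0 on success and
 * -1 on a truncated header or a payload_len larger than the remaining data. */
int decode_auth_done(const uint8_t *buf, size_t len, uint32_t *sum)
{
    const uint8_t *p = buf;
    const uint8_t *end = buf + len;
    uint32_t payload_len;

    if ((size_t)(end - p) < AUTH_DONE_HDR_LEN)
        return -1;                      /* truncated header */
    p += 8;                             /* global_id: not needed here */
    p += 4;                             /* con_mode: not needed here */
    memcpy(&payload_len, p, sizeof(payload_len));
    p += sizeof(payload_len);

    /* The check the fix adds: without it, a frame declaring a payload_len
     * larger than the data actually received makes the callout read past end. */
    if (payload_len > (size_t)(end - p))
        return -1;                      /* oversized payload_len */

    return auth_done_callout(p, payload_len, sum);
}
```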

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

libceph: prevent potential out-of-bounds reads in handle_auth_done()

Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout.

[ idryomov: changelog ]

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote, unauthenticated network exploitation of the Ceph authentication handler, enabling RCE or information disclosure via the out-of-bounds read.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23455 (same product: Linux kernel)
CVE-2026-31405 (same product: Linux kernel)
CVE-2026-31636 (same product: Linux kernel)
CVE-2026-31570 (same product: Linux kernel)
CVE-2026-31613 (same product: Linux kernel)
CVE-2026-31478 (same product: Linux kernel)
CVE-2025-21742 (same product: Linux kernel)
CVE-2026-23187 (same product: Linux kernel)
CVE-2025-71093 (same product: Linux kernel)
CVE-2025-71231 (same product: Linux kernel)

Affected Assets

Vendor: linux
Product: linux kernel
Affected versions: 6.19 · 5.11 to 5.15.198 · 5.16 to 6.1.161 · 6.2 to 6.6.121

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

SI-10 Information Input Validation (prevent)
Requires explicit bounds checking on payload_len in libceph's handle_auth_done() to directly prevent out-of-bounds reads during Ceph authentication.

SI-2 Flaw Remediation (prevent)
Mandates timely application of Linux kernel patches that add the missing bounds check to remediate this specific flaw.

Kernel memory protection (prevent)
Provides kernel memory protections that mitigate the effects of out-of-bounds reads, such as information disclosure or code execution.
