Cyber Resilience

CVE-2026-23136

High

Published: 14 February 2026

Published
14 February 2026
Modified
03 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0004 12.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-23136 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 12.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).

Deeper analysis

CVE-2026-23136 is a vulnerability in the Linux kernel's libceph module, which handles Ceph distributed storage interactions. The issue arises in the osd_fault() function during fault recovery: when a connection is lost mid-payload or the sparse-read state machine errors out, the sparse-read state is not reset. This causes the OSD client to misinterpret the start of a new reply as a continuation of the previous one, potentially driving the sparse-read machinery into a permanent failure state and producing infinite error loops, such as repeated mismatches between data lengths and extent lengths followed by socket read errors.

A remote network attacker with no privileges or user interaction can exploit this vulnerability with low complexity, as indicated by its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Exploitation involves triggering a connection fault during a sparse-read operation, causing the affected system to enter non-recoverable loops that consume resources and deny availability of Ceph OSD client functionality.

The provided kernel stable commit references detail the fix: patches to osd_fault() explicitly reset the sparse-read state upon faults, ensuring pending operations retry from a clean state and preventing the observed loops. Systems should apply these upstream patches from the linked git commits to mitigate the issue.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read…

more

reply using a separate state machine, largely independent of the messenger's state. If a connection is lost mid-payload or the sparse-read state machine returns an error, the sparse-read state is not reset. The OSD client will then interpret the beginning of a new reply as the continuation of the old one. If this makes the sparse-read machinery enter a failure state, it may never recover, producing loops like: libceph: [0] got 0 extents libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read Therefore, reset the sparse-read state in osd_fault(), ensuring retries start from a clean state.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Vulnerability in libceph sparse-read fault handling directly enables remote exploitation to trigger resource-consuming infinite loops, matching application/system exploitation for endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23388Same product: Linux Linux Kernel
CVE-2026-23242Same product: Linux Linux Kernel
CVE-2026-22991Same product: Linux Linux Kernel
CVE-2025-21717Same product: Linux Linux Kernel
CVE-2026-23459Same product: Linux Linux Kernel
CVE-2026-31640Same product: Linux Linux Kernel
CVE-2026-31739Same product: Linux Linux Kernel
CVE-2024-56772Same product: Linux Linux Kernel
CVE-2026-23095Same product: Linux Linux Kernel
CVE-2026-31417Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.19 · 6.6 — 6.6.121 · 6.7 — 6.12.66 · 6.13 — 6.18.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of the libceph kernel flaw by applying upstream patches that reset sparse-read state in osd_fault(), directly preventing exploitation and error loops.

prevent

Ensures the system handles connection faults and sparse-read errors securely without entering unrecoverable failure states that deny Ceph OSD client availability.

prevent

Protects against the remote denial-of-service attack triggered by connection faults during sparse-read operations, limiting resource exhaustion from infinite error loops.

References