CVE-2026-22984

Advisory lineage Upstream: 0 Downstream: 32

Downstream

DEBIAN-CVE-2026-22984 DLA-4476-1 DSA-6126-1 DSA-6127-1 MGASA-2026-0097 MGASA-2026-0098

Modified

Published: 23 Jan 2026, 15:24

Last modified:11 May 2026, 21:57

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

v3.1 (cve.org)

EPSS Score

0.02% LOW

0% probability +0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

23 Jan 2026, 15:24

Published

Vulnerability first disclosed

11 May 2026, 21:57

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ]

CVSS Metrics

v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.02%• Percentile: 6%

Techniques & Countermeasures

CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

linux•linux
≥ cd1a677cad994021b19665ed476aea63f5d54f31, < 194cfe2af4d2a1de599d39dad636b47c2f6c2c96 | ≥ cd1a677cad994021b19665ed476aea63f5d54f31, < 79fe3511db416d2f2edcfd93569807cb02736e5e | ≥ cd1a677cad994021b19665ed476aea63f5d54f31, < ef208ea331ef688729f64089b895ed1b49e842e3 | ≥ cd1a677cad994021b19665ed476aea63f5d54f31, < 2802ef3380fa8c4a08cda51ec1f085b1a712e9e2 | ≥ cd1a677cad994021b19665ed476aea63f5d54f31, < 2d653bb63d598ae4b096dd678744bdcc34ee89e8 | ≥ cd1a677cad994021b19665ed476aea63f5d54f31, < 818156caffbf55cb4d368f9c3cac64e458fb49c9 | 5.11
linux•linux_kernel
≥ 5.11, < 5.15.198 | ≥ 5.16, < 6.1.161 | ≥ 6.2, < 6.6.121 | ≥ 6.7, < 6.12.66 | ≥ 6.13, < 6.18.6 | 6.19:rc1 | 6.19:rc2 | 6.19:rc3 | 6.19:rc4