CVE-2026-22990

Advisory lineage Upstream: 0 Downstream: 36

Downstream

DEBIAN-CVE-2026-22990 DLA-4475-1 DLA-4476-1 DSA-6126-1 DSA-6127-1 MGASA-2026-0097

Modified

Published: 23 Jan 2026, 15:24

Last modified:11 May 2026, 21:57

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.1 (cve.org)

EPSS Score

0.02% LOW

0% probability +0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

23 Jan 2026, 15:24

Published

Vulnerability first disclosed

11 May 2026, 21:57

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the incremental osdmap to be invalid.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.02%• Percentile: 5%

Techniques & Countermeasures

CWE-617•Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Affected Systems

linux•linux
≥ f24e9980eb860d8600cbe5ef3d2fd9295320d229, < 9aa0b0c14cefece078286d78b97d4c09685e372d | ≥ f24e9980eb860d8600cbe5ef3d2fd9295320d229, < 4b106fbb1c7b841cd402abd83eb2447164c799ea | ≥ f24e9980eb860d8600cbe5ef3d2fd9295320d229, < 6afd2a4213524bc742b709599a3663aeaf77193c | ≥ f24e9980eb860d8600cbe5ef3d2fd9295320d229, < d3613770e2677683e65d062da5e31f48c409abe9 | ≥ f24e9980eb860d8600cbe5ef3d2fd9295320d229, < 6c6cec3db3b418c4fdf815731bc39e46dff75e1b | ≥ f24e9980eb860d8600cbe5ef3d2fd9295320d229, < 6348d70af847b79805374fe628d3809a63fd7df3 | ≥ f24e9980eb860d8600cbe5ef3d2fd9295320d229, < e00c3f71b5cf75681dbd74ee3f982a99cb690c2b | 2.6.34
linux•linux_kernel
≥ 2.6.34.1, < 5.10.248 | ≥ 5.11, < 5.15.198 | ≥ 5.16, < 6.1.161 | ≥ 6.2, < 6.6.121 | ≥ 6.7, < 6.12.66 | ≥ 6.13, < 6.18.6 | 2.6.34 | 2.6.34:rc2 | 2.6.34:rc3 | 2.6.34:rc4 | 2.6.34:rc5 | 2.6.34:rc6 | 2.6.34:rc7 | 6.19:rc1 | 6.19:rc2 | 6.19:rc3 | 6.19:rc4