Login Sign Up

CVE-2026-22991

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's libceph component. If exploited, it could cause a kernel panic leading to denial of service. Systems using Ceph storage with affected Linux kernel versions are potentially vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE description; check kernel commit history for exact ranges
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using Ceph storage functionality. The vulnerability is in libceph module.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data unavailability in Ceph storage clusters.

🟠

Likely Case

System crash or instability when Ceph operations trigger the vulnerable code path during memory allocation failures.

🟢

If Mitigated

No impact if the vulnerable code path isn't triggered or if proper error handling prevents the condition.

🌐 Internet-Facing: LOW - This vulnerability requires local access or specific Ceph operations to trigger.
🏢 Internal Only: MEDIUM - Internal systems using Ceph storage could experience service disruption if exploited.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific memory allocation failure conditions in Ceph operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check kernel commit 8081faaf089db5280c3be820948469f7c58ef8dd and related stable commits

Vendor Advisory: https://git.kernel.org/stable/c/8081faaf089db5280c3be820948469f7c58ef8dd

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Reboot system. 3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Disable Ceph module

linux

Remove or blacklist libceph module if Ceph storage is not required

echo 'blacklist libceph' >> /etc/modprobe.d/blacklist.conf
rmmod libceph

🧯 If You Can't Patch

  • Implement strict access controls to limit who can trigger Ceph operations
  • Monitor system logs for kernel panic events and implement rapid response procedures

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if libceph module is loaded: lsmod | grep libceph

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commit: git log --oneline | grep -i '8081faaf089db5280c3be820948469f7c58ef8dd'

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference errors in kernel logs
  • Ceph-related crash dumps

Network Indicators:

  • Unusual Ceph protocol errors
  • Storage cluster instability

SIEM Query:

source="kernel" AND ("NULL pointer" OR "kernel panic" OR "libceph")

📊 Metadata

CVE ID: CVE-2026-22991
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
EPSS Score: 0.03% exploit probability (8.5th percentile)
Published: January 23, 2026
Last Updated: February 26, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-22991, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)
CVE-2023-47003 9.8

A NULL pointer dereference vulnerability in RedisGraph allows attackers to execute arbitrary code or...

Same vulnerability type (CWE-476)