CVE-2026-22992

5.5 MEDIUM

📋 TL;DR

A Linux kernel vulnerability in the libceph component: authentication errors are not properly propagated, so msgr2 continues establishing the session despite an authentication failure. This can trigger a WARN in setup_crypto() and lead to a NULL pointer dereference in secure mode. It affects systems that use Ceph storage on vulnerable kernel versions.

💻 Affected Systems

Products:
  • Linux kernel with libceph module
Versions: Specific kernel versions containing the vulnerable code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using Ceph storage client functionality. Requires msgr2 protocol and secure mode to trigger the NULL pointer dereference.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic or system crash due to NULL pointer dereference, potentially leading to denial of service for Ceph storage services.

🟠 Likely Case

System instability, kernel warnings, and potential Ceph client connection failures when authentication issues occur.

🟢 If Mitigated

Authentication failures handled gracefully without triggering kernel warnings or crashes.

🌐 Internet-Facing: LOW - Requires Ceph client access and specific authentication failure conditions.
🏢 Internal Only: MEDIUM - Internal Ceph storage clusters could be affected during authentication issues.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires ability to trigger authentication failures in Ceph client connections and specific configuration conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing fixes from the provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/33908769248b38a5e77cf9292817bb28e641992d

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable msgr2 protocol (Linux)

Force Ceph clients to use msgr1 protocol instead of msgr2:

ceph config set client ms_client_mode crc

Avoid secure mode (Linux)

Configure Ceph to not use secure mode for authentication:

ceph config set client auth_required false

🧯 If You Can't Patch

  • Monitor Ceph client logs for authentication failures and WARN messages from setup_crypto()
  • Implement network segmentation to limit Ceph client access to trusted systems only

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if it contains the vulnerable libceph code from the git commits

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits: 33908769248b38a5e77cf9292817bb28e641992d or other listed commits

📡 Detection & Monitoring

Log Indicators:

  • Kernel WARN messages from setup_crypto()
  • Ceph authentication failure logs
  • NULL pointer dereference in kernel logs

Network Indicators:

  • Ceph client authentication failures followed by continued session establishment attempts

SIEM Query:

(source="kernel" AND "setup_crypto" AND "WARN") OR (source="ceph" AND "auth" AND "failed")
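
The log indicators above can be correlated in order rather than matched one by one. The following is an added example (not part of the advisory or of the kernel project) that ties each setup_crypto() WARN to a preceding libceph authentication failure and a following NULL pointer dereference. The log lines are constructed, and the auth-failure wording, the `<file>:<line>` placeholder and the 5-second window are assumptions to adjust to what your kernels actually log.

```python
import re

# Constructed dmesg-style sample, not captured from a real system. The libceph
# auth-failure wording and the <file>:<line> placeholder are assumptions.
SAMPLE_LOG = """\
[  101.100000] libceph: mon0 session established
[  340.500000] libceph: authentication failed for osd3 (constructed wording)
[  340.500210] WARNING: CPU: 2 PID: 811 at <file>:<line> setup_crypto+0x0/0x0 [libceph]
[  340.500950] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  912.000000] libceph: authentication failed for osd5 (constructed wording)
[ 2000.000000] WARNING: CPU: 0 PID: 42 at <file>:<line> other_func+0x0/0x0
[ 3000.000000] WARNING: CPU: 1 PID: 77 at <file>:<line> setup_crypto+0x0/0x0 [libceph]
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
AUTH_FAIL = re.compile(r"auth.*fail", re.IGNORECASE)


def correlate(log_text, window=5.0):
    """Return one finding per setup_crypto() WARN, tied to nearby events.

    auth_ts    -> time of a libceph auth failure within `window` seconds
                  before the WARN, else None
    null_deref -> True if a NULL pointer dereference follows within `window`
    """
    findings, last_auth = [], None
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines without a dmesg timestamp
        ts, msg = float(m.group(1)), m.group(2)
        if "libceph" in msg and AUTH_FAIL.search(msg):
            last_auth = ts
        elif msg.startswith("WARNING:") and "setup_crypto" in msg:
            near = last_auth is not None and ts - last_auth <= window
            findings.append({"warn_ts": ts,
                             "auth_ts": last_auth if near else None,
                             "null_deref": False})
        elif "NULL pointer dereference" in msg and findings:
            if ts - findings[-1]["warn_ts"] <= window:
                findings[-1]["null_deref"] = True
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f)
```

A finding with both `auth_ts` set and `null_deref` true matches the full sequence the advisory describes; a WARN with `auth_ts` of None is still worth triage but is not tied to an authentication failure in the window.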
