CVE-2026-23136
📋 TL;DR
A race condition vulnerability in the Linux kernel's libceph component where sparse-read state isn't properly reset during connection faults, causing the OSD client to misinterpret new replies as continuations of old ones. This affects systems using Ceph distributed storage with the Linux kernel. The vulnerability can cause infinite error loops and service disruption.
💻 Affected Systems
- Linux kernel with Ceph client support
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Persistent denial of service causing Ceph storage operations to fail completely, potentially affecting all applications relying on the storage cluster.
Likely Case
Intermittent storage I/O errors and performance degradation due to repeated connection resets and error loops.
If Mitigated
Minor performance impact during connection faults with quick recovery after state reset.
🎯 Exploit Status
Exploitation requires ability to trigger connection faults in Ceph OSD communications; likely requires internal access or ability to disrupt network connectivity.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 10b7c72810364226f7b27916ea3e2a4f870bc04b, 11194b416ef95012c2cfe5f546d71af07b639e93, 90a60fe61908afa0eaf7f8fcf1421b9b50e5f7ff, or e94075e950a6598e710b9f7dffea5aa388f40313
Vendor Advisory: https://git.kernel.org/stable/c/10b7c72810364226f7b27916ea3e2a4f870bc04b
Restart Required: No
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For live systems, apply kernel patch and reload libceph module if possible. 3. Check distribution-specific security advisories for backported fixes.
🔧 Temporary Workarounds
Network stability hardening
allReduce likelihood of connection faults by improving network reliability between Ceph clients and OSDs
Connection monitoring and restart
linuxMonitor for error loops and manually restart affected Ceph client connections
# Monitor for error patterns in dmesg or system logs
# Restart Ceph client services if error loops detected
🧯 If You Can't Patch
- Implement aggressive monitoring for error loop patterns in system logs
- Isolate Ceph client traffic on reliable, low-latency network segments
🔍 How to Verify
Check if Vulnerable:
Check kernel version and whether libceph module is loaded: 'lsmod | grep libceph' and 'uname -r'Check Version:
uname -rVerify Fix Applied:
Verify kernel contains fix commits: 'git log --oneline | grep -E "(10b7c728|11194b41|90a60fe6|e94075e9)"' or check kernel changelog📡 Detection & Monitoring
Log Indicators:
- Repeated 'libceph: data len ... != extent len 0' errors
- 'socket error on read' messages in loops
- OSD connection reset patterns
Network Indicators:
- Unusual TCP connection resets between Ceph clients and OSDs
- Increased retransmission rates on Ceph network segments
SIEM Query:
source="kernel" AND "libceph" AND ("data len" AND "extent len" OR "socket error on read")