CVE-2026-23189
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's CephFS client allows local attackers to cause a kernel panic (denial of service) by triggering the ceph_mds_auth_match() function with a NULL filesystem name. This affects systems using CephFS with Linux kernel versions from 6.18-rc1 onward.
💻 Affected Systems
- Linux kernel
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
Local denial of service through kernel panic when mounting CephFS with specific configurations.
If Mitigated
No impact if CephFS is not used or if proper kernel hardening prevents local user access.
🎯 Exploit Status
Requires local access and ability to mount CephFS with specific conditions triggering the NULL pointer.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits 57b36ffc8881dd455d875f85c105901974af2130, 7987cce375ac8ce98e170a77aa2399f2cf6eb99f, c6f8326f26bd20d648d9a55afd68148d1b6afe28
Vendor Advisory: https://git.kernel.org/stable/c/57b36ffc8881dd455d875f85c105901974af2130
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched version.
🔧 Temporary Workarounds
Disable CephFS mounting
Prevent CephFS mounting to avoid triggering the vulnerability
# Remove CephFS kernel module if not needed (fails while a CephFS filesystem is mounted)
rmmod ceph
# Or restrict mount permissions
chmod 700 /sbin/mount.ceph
🧯 If You Can't Patch
- Restrict local user access to prevent mounting CephFS
- Implement kernel hardening to limit local user capabilities
🔍 How to Verify
Check if Vulnerable:
Check the kernel version with uname -r, and check whether CephFS is in use by looking for ceph in /proc/filesystems
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is after patched commits and test CephFS mounting functionality
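The exposure check described above as a script, added here as an example (it is not part of the original advisory or of the kernel project): it reports whether the CephFS kernel client is absent, registered with the kernel, or actively mounted. The function names and the three result labels are assumptions of this example, and the result says nothing about whether the running kernel contains the fix.

```shell
#!/bin/sh
# Added example: CephFS kernel-client exposure check for CVE-2026-23189.
# File paths are parameters so the logic can also be run on saved copies
# of /proc/filesystems and /proc/mounts collected from other hosts.

# Succeeds (exit 0) if the kernel has the "ceph" filesystem type registered.
# /proc/filesystems lines look like "nodev<TAB>ceph" or "<TAB>ext4", so the
# filesystem name is always the last field.
ceph_fs_registered() {
    awk '$NF == "ceph" { found = 1 } END { exit !found }' "${1:-/proc/filesystems}"
}

# Prints the mount point of every kernel CephFS mount (fstype "ceph").
# ceph-fuse mounts show up as "fuse.ceph-fuse" and do not use the kernel
# client, so they are deliberately not matched.
ceph_kernel_mounts() {
    awk '$3 == "ceph" { print $2 }' "${1:-/proc/mounts}"
}

# Classifies the host (labels are this example's own):
#   in-use : at least one kernel CephFS mount is active
#   loaded : filesystem type registered, but nothing mounted
#   absent : kernel client not registered
cephfs_exposure() {
    fs_file="${1:-/proc/filesystems}"
    mounts_file="${2:-/proc/mounts}"
    if [ -n "$(ceph_kernel_mounts "$mounts_file")" ]; then
        echo "in-use"
    elif ceph_fs_registered "$fs_file"; then
        echo "loaded"
    else
        echo "absent"
    fi
}

# Report for the local host. Patched status still has to be confirmed
# against the distribution's changelog for the commits listed above.
echo "kernel $(uname -r): CephFS kernel client is $(cephfs_exposure)"
```

Hosts reported as "absent" can still load the module on the first mount attempt, so the result describes current state rather than whether a mount is possible.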
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in dmesg or system logs
- CephFS mount failures with NULL pointer errors
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND "NULL pointer dereference" AND "ceph_mds_auth_match"