NULL Pointer Dereference in Linux Kernel Affecting libceph Functionality
CVE-2026-22991

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
23 January 2026

What is CVE-2026-22991?

A vulnerability within the Linux kernel's libceph impacts the free_choose_arg_map() function by risking a NULL pointer dereference. This issue arises when its caller encounters an error after a partial memory allocation, specifically in the decode_choose_args() function. When allocation of arg_map->args fails, control shifts to a failure label calling free_choose_arg_map(), which may blindly attempt to iterate over arg_map->args. As arg_map->size is updated to a non-zero value before the allocation, it leads to a breach where free_choose_arg_map() can dereference a NULL pointer. To mitigate this risk, enhancements include implementing checks for valid pointers prior to iteration, thus increasing the resilience of free_choose_arg_map() against potential errors.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 5cf9c4a9959b6273675310d14a834ef14fbca37c < 9b3730dabcf3764bfe3ff07caf55e641a0b45234

Linux 5cf9c4a9959b6273675310d14a834ef14fbca37c < 851241d3f78a5505224dc21c03d8692f530256b4

Linux 5cf9c4a9959b6273675310d14a834ef14fbca37c

References

https://git.kernel.org/stable/c/9b3730dabcf3764bfe3ff07ca...
https://git.kernel.org/stable/c/851241d3f78a5505224dc21c0...
https://git.kernel.org/stable/c/ec1850f663da64842614c86b2...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.