CVE-2026-22992

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> libceph: return the handler error from mon_handle_auth_done()<br /> <br /> Currently any error from ceph_auth_handle_reply_done() is propagated<br /> via finish_auth() but isn&amp;#39;t returned from mon_handle_auth_done(). This<br /> results in higher layers learning that (despite the monitor considering<br /> us to be successfully authenticated) something went wrong in the<br /> authentication phase and reacting accordingly, but msgr2 still trying<br /> to proceed with establishing the session in the background. In the<br /> case of secure mode this can trigger a WARN in setup_crypto() and later<br /> lead to a NULL pointer dereference inside of prepare_auth_signature().