CVE-2026-22992
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
23/01/2026
Última modificación:
23/01/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
libceph: return the handler error from mon_handle_auth_done()<br />
<br />
Currently any error from ceph_auth_handle_reply_done() is propagated<br />
via finish_auth() but isn&#39;t returned from mon_handle_auth_done(). This<br />
results in higher layers learning that (despite the monitor considering<br />
us to be successfully authenticated) something went wrong in the<br />
authentication phase and reacting accordingly, but msgr2 still trying<br />
to proceed with establishing the session in the background. In the<br />
case of secure mode this can trigger a WARN in setup_crypto() and later<br />
lead to a NULL pointer dereference inside of prepare_auth_signature().
Impacto
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/33908769248b38a5e77cf9292817bb28e641992d
- https://git.kernel.org/stable/c/77229551f2cf72f3e35636db68e6a825b912cf16
- https://git.kernel.org/stable/c/9e0101e57534ef0e7578dd09608a6106736b82e5
- https://git.kernel.org/stable/c/d2c4a5f6996683f287f3851ef5412797042de7f1
- https://git.kernel.org/stable/c/e097cd858196b1914309e7e3d79b4fa79383754d
- https://git.kernel.org/stable/c/e84b48d31b5008932c0a0902982809fbaa1d3b70