Skip to main content

Linux CVE-2026-22984

CRITICAL
Out-of-bounds Read (CWE-125)
2026-01-23 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Critical
Disputed · 9.8 NVD
Share

Severity by source

Sources disagree (Medium–Critical)
NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Red Hat
7.1 MEDIUM
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 27, 2026 - 14:22 vuln.today
cvss_changed
Severity Changed
Apr 27, 2026 - 14:22 NVD
HIGH CRITICAL
CVSS changed
Apr 27, 2026 - 14:22 NVD
7.1 (HIGH) 9.8 (CRITICAL)
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
Patch released
Feb 26, 2026 - 18:48 nvd
Patch available
CVE Published
Jan 23, 2026 - 16:15 nvd
HIGH 7.1

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

libceph: prevent potential out-of-bounds reads in handle_auth_done()

Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout.

[ idryomov: changelog ]

AnalysisAI

A bounds checking vulnerability in the Linux kernel's libceph authentication handler allows local attackers with user privileges to trigger out-of-bounds memory reads, potentially leading to information disclosure or denial of service. The flaw exists in the handle_auth_done() function which fails to properly validate payload length before processing authentication data. A patch is available to address this vulnerability.

Technical ContextAI

Classified as CWE-125 (Out-of-bounds Read). Affects Linux Kernel. In the Linux kernel, the following vulnerability has been resolved:

libceph: prevent potential out-of-bounds reads in handle_auth_done()

Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout.

[ idryomov: changelog ]

RemediationAI

A vendor patch is available — apply it immediately.

Vendor StatusVendor

SUSE

Severity: High
Product Status
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.35 Container suse/sl-micro/6.0/toolbox:13.2-9.1 Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-GCE Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.95 Image SL-Micro Image SLE-Micro Image SLE-Micro-EC2 Affected
Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.115 Affected
Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.146 Affected
Container suse/sl-micro/6.1/base-os-container:2.2.1-5.80 Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected

Share

CVE-2026-22984 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy