CVE-2026-23136
BaseFortify
Publication date: 2026-02-14
Last updated on: 2026-04-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.6 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.66 (exc) |
| linux | linux_kernel | From 6.6 (inc) to 6.6.121 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's libceph component, specifically in the handling of sparse-read state in the osd_fault() function.
When a fault occurs, the connection is abandoned and reestablished, and pending operations are retried. The OSD client uses a separate state machine to track sparse-read replies.
If the connection is lost mid-payload or the sparse-read state machine returns an error, the sparse-read state is not reset. This causes the client to misinterpret the start of a new reply as a continuation of the old one.
This can cause the sparse-read machinery to enter a failure state and produce repeated errors and loops, preventing recovery.
The fix involves resetting the sparse-read state in osd_fault() to ensure retries start from a clean state.
How can this vulnerability impact me? :
This vulnerability can cause the OSD client in the Linux kernel to enter a failure state during sparse-read operations, leading to repeated socket errors and read failures.
As a result, data retrieval operations may fail or hang, potentially causing service disruptions or degraded performance in systems relying on Ceph storage.
This could impact applications or services that depend on reliable data access from Ceph clusters.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability manifests as the OSD client entering a failure state with repeated error messages related to sparse-read operations.
You can detect it by monitoring system logs for repeated libceph error messages such as:
- libceph: [0] got 0 extents
- libceph: data len X != extent len 0
- libceph: osd0 (1)...:6801 socket error on read
Commands to check logs could include:
- journalctl -k | grep libceph
- dmesg | grep libceph
- tail -f /var/log/syslog | grep libceph
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is resolved by resetting the sparse-read state in the osd_fault() function to ensure retries start from a clean state.
Immediate mitigation steps include updating the Linux kernel to a version that contains this fix.
Until the update is applied, monitoring for the described error messages and restarting the affected OSD client processes may temporarily alleviate the issue.