CVE-2026-23136
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-02-14

Last updated on: 2026-04-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a separate state machine, largely independent of the messenger's state. If a connection is lost mid-payload or the sparse-read state machine returns an error, the sparse-read state is not reset. The OSD client will then interpret the beginning of a new reply as the continuation of the old one. If this makes the sparse-read machinery enter a failure state, it may never recover, producing loops like: libceph: [0] got 0 extents libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read Therefore, reset the sparse-read state in osd_fault(), ensuring retries start from a clean state.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-14
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-02-14
EPSS Evaluated
2026-06-14
NVD
CVE-2026-23136
EUVD
EUVD-2026-5901
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.13 (inc) to 6.18.6 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.66 (exc)
linux linux_kernel From 6.6 (inc) to 6.6.121 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's libceph component, specifically in the handling of sparse-read state in the osd_fault() function.

When a fault occurs, the connection is abandoned and reestablished, and pending operations are retried. The OSD client uses a separate state machine to track sparse-read replies.

If the connection is lost mid-payload or the sparse-read state machine returns an error, the sparse-read state is not reset. This causes the client to misinterpret the start of a new reply as a continuation of the old one.

This can cause the sparse-read machinery to enter a failure state and produce repeated errors and loops, preventing recovery.

The fix involves resetting the sparse-read state in osd_fault() to ensure retries start from a clean state.

Impact Analysis

This vulnerability can cause the OSD client in the Linux kernel to enter a failure state during sparse-read operations, leading to repeated socket errors and read failures.

As a result, data retrieval operations may fail or hang, potentially causing service disruptions or degraded performance in systems relying on Ceph storage.

This could impact applications or services that depend on reliable data access from Ceph clusters.

Compliance Impact

I don't know

Detection Guidance

This vulnerability manifests as the OSD client entering a failure state with repeated error messages related to sparse-read operations.

You can detect it by monitoring system logs for repeated libceph error messages such as:

  • libceph: [0] got 0 extents
  • libceph: data len X != extent len 0
  • libceph: osd0 (1)...:6801 socket error on read

Commands to check logs could include:

  • journalctl -k | grep libceph
  • dmesg | grep libceph
  • tail -f /var/log/syslog | grep libceph
Mitigation Strategies

The vulnerability is resolved by resetting the sparse-read state in the osd_fault() function to ensure retries start from a clean state.

Immediate mitigation steps include updating the Linux kernel to a version that contains this fix.

Until the update is applied, monitoring for the described error messages and restarting the affected OSD client processes may temporarily alleviate the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23136. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart