7.5

CVE-2026-46024

libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()

In the Linux kernel, the following vulnerability has been resolved:

libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()

If a message of type CEPH_MSG_AUTH_REPLY contains a zero value for both
protocol and result, this is currently not treated as an error. In case
of ac->negotiating == true and ac->protocol > 0, this leads to setting
ac->protocol = 0 and ac->ops = NULL. Thereafter, the check for
ac->protocol != protocol returns false, and init_protocol() is not
called. Subsequently, ac->ops->handle_reply() is called, which leads to
a null pointer dereference, because ac->ops is still NULL.

This patch changes the check for ac->protocol != protocol to
!ac->protocol, as this also includes the case when the protocol was set
to zero in the message. This causes the message to be treated as
containing a bad auth protocol.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.34.1 < 5.15.209
LinuxLinux Kernel Version >= 5.16 < 6.1.175
LinuxLinux Kernel Version >= 6.2 < 6.6.140
LinuxLinux Kernel Version >= 6.7 < 6.12.86
LinuxLinux Kernel Version >= 6.13 < 6.18.27
LinuxLinux Kernel Version >= 6.19 < 7.0.4
LinuxLinux Kernel Version2.6.34 Update-
LinuxLinux Kernel Version2.6.34 Updaterc2
LinuxLinux Kernel Version2.6.34 Updaterc3
LinuxLinux Kernel Version2.6.34 Updaterc4
LinuxLinux Kernel Version2.6.34 Updaterc5
LinuxLinux Kernel Version2.6.34 Updaterc6
LinuxLinux Kernel Version2.6.34 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.382
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/4b2738b93edad661178340239de657d876b73d3d
Patch
https://git.kernel.org/stable/c/927e4bd5692f2a4901808822981fb2c8d4456548
Patch
https://git.kernel.org/stable/c/016bc663657366d386993f63eb31072eb45a2b77
Patch
https://git.kernel.org/stable/c/8f2be7285941a33a9f72579a23b96392f83c758e
Patch
https://git.kernel.org/stable/c/5199c125d25aeae8615c4fc31652cc0fe624338e
Patch
https://git.kernel.org/stable/c/9ded62c302c0342efdb5eda3bf6e75720caad0df
Patch
https://git.kernel.org/stable/c/f101271fcf55d7eacfefd610b51ec65f46ba8118
Patch