CVE-2026-22992

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-22992
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22992.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-22992
Downstream
Published
2026-01-23T15:24:12.993Z
Modified
2026-03-13T04:06:43.239899Z
Summary
libceph: return the handler error from mon_handle_auth_done()
Details

In the Linux kernel, the following vulnerability has been resolved:

libceph: return the handler error from monhandleauth_done()

Currently any error from cephauthhandlereplydone() is propagated via finishauth() but isn't returned from monhandleauthdone(). This results in higher layers learning that (despite the monitor considering us to be successfully authenticated) something went wrong in the authentication phase and reacting accordingly, but msgr2 still trying to proceed with establishing the session in the background. In the case of secure mode this can trigger a WARN in setupcrypto() and later lead to a NULL pointer dereference inside of prepareauth_signature().

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22992.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cd1a677cad994021b19665ed476aea63f5d54f31
Fixed
77229551f2cf72f3e35636db68e6a825b912cf16
Fixed
33908769248b38a5e77cf9292817bb28e641992d
Fixed
e097cd858196b1914309e7e3d79b4fa79383754d
Fixed
d2c4a5f6996683f287f3851ef5412797042de7f1
Fixed
9e0101e57534ef0e7578dd09608a6106736b82e5
Fixed
e84b48d31b5008932c0a0902982809fbaa1d3b70

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22992.json"