CVE-2026-46024

Severity: HIGH (CVSS 3.1 base score 7.5) · EPSS 38.4%
Published May 27, 2026 · Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()

If a message of type CEPH_MSG_AUTH_REPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac->negotiating == true and ac->protocol > 0, this leads to setting ac->protocol = 0 and ac->ops = NULL. Thereafter, the check for ac->protocol != protocol returns false, and init_protocol() is not called. Subsequently, ac->ops->handle_reply() is called, which leads to a null pointer dereference, because ac->ops is still NULL.

This patch changes the check for ac->protocol != protocol to !ac->protocol, as this also includes the case when the protocol was set to zero in the message. This causes the message to be treated as containing a bad auth protocol.
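The sequence in the description can be followed in a small user-space model. This is an added example, not the kernel source or the upstream patch: the struct layouts, return codes, the `patched` switch, `replay_zero_reply()` and the stand-in `init_protocol()` (assumed to reject protocol 0) are all hypothetical, and the NULL dereference is replaced by a sentinel return so the model can run safely.

```c
#include <stdio.h>

/* Simplified user-space model of the logic in the description; not kernel source. */
struct auth_ops { int (*handle_reply)(void); };
struct auth_client { int negotiating; int protocol; const struct auth_ops *ops; };
enum { REPLY_OK = 0, ERR_BAD_PROTO = -1, WOULD_DEREF_NULL = -2 };

static int demo_handle_reply(void) { return REPLY_OK; }
static const struct auth_ops demo_ops = { demo_handle_reply };

/* Stand-in for init_protocol(): assumed to reject protocol 0 as unknown. */
static int init_protocol(struct auth_client *ac, int protocol)
{
    if (protocol <= 0)
        return ERR_BAD_PROTO;
    ac->protocol = protocol;
    ac->ops = &demo_ops;
    return 0;
}

/* patched == 0 uses "ac->protocol != protocol"; patched == 1 uses "!ac->protocol". */
static int handle_auth_reply(struct auth_client *ac, int protocol, int result, int patched)
{
    if (ac->negotiating) {
        if (!protocol && result < 0)   /* zero protocol is an error only if result < 0 */
            return result;
        if (ac->protocol && ac->protocol != protocol) {
            ac->protocol = 0;          /* old handler dropped */
            ac->ops = NULL;
        }
        if ((patched ? !ac->protocol : ac->protocol != protocol) &&
            init_protocol(ac, protocol))
            return ERR_BAD_PROTO;      /* treated as a bad auth protocol */
        ac->negotiating = 0;
    }
    if (result)
        return result;
    if (!ac->ops)                      /* model-only guard; unpatched kernel dereferences ac->ops here */
        return WOULD_DEREF_NULL;
    return ac->ops->handle_reply();
}

/* Constructed reply: protocol = 0, result = 0, sent to a client negotiating protocol 2. */
static int replay_zero_reply(int patched)
{
    struct auth_client ac = { 1, 2, &demo_ops };
    return handle_auth_reply(&ac, 0, 0, patched);
}

int main(void) { printf("unpatched=%d patched=%d\n", replay_zero_reply(0), replay_zero_reply(1)); return 0; }
```

With the old comparison the zero/zero reply reaches the `handle_reply` call with `ops` unset; with `!ac->protocol` the same reply is rejected during protocol setup.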

CVSS Details

Base Score: 7.5
Exploitability: 3.9
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 38.4% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 13

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥2.6.34.1 – <5.15.209
linux    linux_kernel   *         ≥5.16 – <6.1.175
linux    linux_kernel   *         ≥6.2 – <6.6.140
linux    linux_kernel   *         ≥6.7 – <6.12.86
linux    linux_kernel   *         ≥6.13 – <6.18.27
linux    linux_kernel   *         ≥6.19 – <7.0.4
linux    linux_kernel   2.6.34    any
linux    linux_kernel   2.6.34    any
linux    linux_kernel   2.6.34    any
linux    linux_kernel   2.6.34    any
linux    linux_kernel   2.6.34    any
linux    linux_kernel   2.6.34    any
linux    linux_kernel   2.6.34    any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/016bc663657366d386993f63eb31072eb45a2b77
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4b2738b93edad661178340239de657d876b73d3d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5199c125d25aeae8615c4fc31652cc0fe624338e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8f2be7285941a33a9f72579a23b96392f83c758e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/927e4bd5692f2a4901808822981fb2c8d4456548
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ded62c302c0342efdb5eda3bf6e75720caad0df
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f101271fcf55d7eacfefd610b51ec65f46ba8118
    Patch
