๐Ÿ” CVE Alert

CVE-2026-22991

HIGH 7.5

libceph: make free_choose_arg_map() resilient to partial allocation

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map() resilient to partial allocation free_choose_arg_map() may dereference a NULL pointer if its caller fails after a partial allocation. For example, in decode_choose_args(), if allocation of arg_map->args fails, execution jumps to the fail label and free_choose_arg_map() is called. Since arg_map->size is updated to a non-zero value before memory allocation, free_choose_arg_map() will iterate over arg_map->args and dereference a NULL pointer. To prevent this potential NULL pointer dereference and make free_choose_arg_map() more resilient, add checks for pointers before iterating.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Jan 23, 2026
Last Updated Apr 27, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Linux / Linux
5cf9c4a9959b6273675310d14a834ef14fbca37c < 9b3730dabcf3764bfe3ff07caf55e641a0b45234 5cf9c4a9959b6273675310d14a834ef14fbca37c < 851241d3f78a5505224dc21c03d8692f530256b4 5cf9c4a9959b6273675310d14a834ef14fbca37c < ec1850f663da64842614c86b20fe734be070c2ba 5cf9c4a9959b6273675310d14a834ef14fbca37c < 8081faaf089db5280c3be820948469f7c58ef8dd 5cf9c4a9959b6273675310d14a834ef14fbca37c < c4c2152a858c0ce4d2bff6ca8c1d5b0ef9f2cbdf 5cf9c4a9959b6273675310d14a834ef14fbca37c < f21c3fdb96833aac2f533506899fe38c19cf49d5 5cf9c4a9959b6273675310d14a834ef14fbca37c < e3fe30e57649c551757a02e1cad073c47e1e075e
Linux / Linux
4.13

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/9b3730dabcf3764bfe3ff07caf55e641a0b45234 git.kernel.org: https://git.kernel.org/stable/c/851241d3f78a5505224dc21c03d8692f530256b4 git.kernel.org: https://git.kernel.org/stable/c/ec1850f663da64842614c86b20fe734be070c2ba git.kernel.org: https://git.kernel.org/stable/c/8081faaf089db5280c3be820948469f7c58ef8dd git.kernel.org: https://git.kernel.org/stable/c/c4c2152a858c0ce4d2bff6ca8c1d5b0ef9f2cbdf git.kernel.org: https://git.kernel.org/stable/c/f21c3fdb96833aac2f533506899fe38c19cf49d5 git.kernel.org: https://git.kernel.org/stable/c/e3fe30e57649c551757a02e1cad073c47e1e075e