CVE-2026-46024

Source
https://cve.org/CVERecord?id=CVE-2026-46024
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46024.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46024
Published
2026-05-27T12:56:29.932Z
Modified
2026-06-24T09:14:22.425567118Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()
Details

In the Linux kernel, the following vulnerability has been resolved:

libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()

If a message of type CEPH_MSG_AUTH_REPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac->negotiating == true and ac->protocol > 0, this leads to setting ac->protocol = 0 and ac->ops = NULL. Thereafter, the check for ac->protocol != protocol returns false, and init_protocol() is not called. Subsequently, ac->ops->handle_reply() is called, which leads to a null pointer dereference, because ac->ops is still NULL.

This patch changes the check for ac->protocol != protocol to !ac->protocol, as this also includes the case when the protocol was set to zero in the message. This causes the message to be treated as containing a bad auth protocol.
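
The control flow described above, as an added example that is not the kernel source: a simplified userspace model in which the structs, MODEL_PROTO, the error values, the "fixed" switch and replay_zero_reply() are assumptions made for illustration. Where the kernel would dereference ac->ops, the model returns ERR_NULL_OPS instead.

```c
#include <stdio.h>
enum { MODEL_PROTO = 2, ERR_BAD_PROTO = -1, ERR_NULL_OPS = -2 }; /* constructed values */
struct auth_ops { int (*handle_reply)(void); };
struct auth_client { int negotiating; int protocol; const struct auth_ops *ops; };

static int reply_ok(void) { return 0; }
static const struct auth_ops model_ops = { reply_ok };

/* Stand-in for init_protocol(): rejects any protocol it does not know. */
static int init_protocol(struct auth_client *ac, int protocol)
{
    if (protocol != MODEL_PROTO)
        return ERR_BAD_PROTO;
    ac->protocol = protocol;
    ac->ops = &model_ops;
    return 0;
}

/* fixed == 0 uses the original check, fixed == 1 the patched one. */
static int handle_auth_reply(struct auth_client *ac, int protocol, int result, int fixed)
{
    if (ac->negotiating) {
        if (!protocol && result < 0)   /* zero protocol with an error result */
            return result;
        if (ac->protocol && ac->protocol != protocol) {
            ac->protocol = 0;          /* drop the old handler */
            ac->ops = NULL;
        }
        if (fixed ? !ac->protocol : ac->protocol != protocol) {
            if (init_protocol(ac, protocol))
                return ERR_BAD_PROTO;  /* treated as a bad auth protocol */
        }
        ac->negotiating = 0;
    }
    if (!ac->ops)
        return ERR_NULL_OPS;           /* the kernel dereferences ac->ops here */
    return ac->ops->handle_reply();
}

/* Replay the reply from the description: protocol == 0 and result == 0. */
static int replay_zero_reply(int fixed)
{
    struct auth_client ac = { 1, MODEL_PROTO, &model_ops };
    return handle_auth_reply(&ac, 0, 0, fixed);
}

int main(void)
{
    printf("original: %d, patched: %d\n", replay_zero_reply(0), replay_zero_reply(1));
    return 0;
}
```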

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46024.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc
Fixed
9ded62c302c0342efdb5eda3bf6e75720caad0df
Fixed
f101271fcf55d7eacfefd610b51ec65f46ba8118
Fixed
4b2738b93edad661178340239de657d876b73d3d
Fixed
927e4bd5692f2a4901808822981fb2c8d4456548
Fixed
016bc663657366d386993f63eb31072eb45a2b77
Fixed
8f2be7285941a33a9f72579a23b96392f83c758e
Fixed
5199c125d25aeae8615c4fc31652cc0fe624338e

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46024.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.34
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.86
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46024.json"