libceph: reset sparse-read state in osd_fault()

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2026-23136
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-02-14 16:15:53 UTC
Updated2026-04-03 14:16:24 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a separate state machine, largely independent of the messenger's state. If a connection is lost mid-payload or the sparse-read state machine returns an error, the sparse-read state is not reset. The OSD client will then interpret the beginning of a new reply as the continuation of the old one. If this makes the sparse-read machinery enter a failure state, it may never recover, producing loops like: libceph: [0] got 0 extents libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read Therefore, reset the sparse-read state in osd_fault(), ensuring retries start from a clean state.

Risk And Classification

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem Types: NVD-CWE-noinfo

VersionSourceTypeScoreSeverityVector
3.1[email protected]Primary5.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
3.1416baaa9-dc9f-4396-8d5f-8c081fb06d67Secondary7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1CNADECLARED7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v3.1 Breakdown

Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Linux Linux Kernel All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected f628d799972799023d32c2542bb2639eb8c4f84e 90a60fe61908afa0eaf7f8fcf1421b9b50e5f7ff git Not specified
CNA Linux Linux affected f628d799972799023d32c2542bb2639eb8c4f84e e94075e950a6598e710b9f7dffea5aa388f40313 git Not specified
CNA Linux Linux affected f628d799972799023d32c2542bb2639eb8c4f84e 10b7c72810364226f7b27916ea3e2a4f870bc04b git Not specified
CNA Linux Linux affected f628d799972799023d32c2542bb2639eb8c4f84e 11194b416ef95012c2cfe5f546d71af07b639e93 git Not specified
CNA Linux Linux affected 6.6 Not specified
CNA Linux Linux unaffected 6.6 semver Not specified
CNA Linux Linux unaffected 6.6.121 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.66 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.6 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/11194b416ef95012c2cfe5f546d71af07b639e93 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/90a60fe61908afa0eaf7f8fcf1421b9b50e5f7ff 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/10b7c72810364226f7b27916ea3e2a4f870bc04b 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/e94075e950a6598e710b9f7dffea5aa388f40313 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report