{
  "threat_severity" : "Moderate",
  "public_date" : "2026-01-23T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: libceph: replace overzealous BUG_ON in osdmap_apply_incremental()",
    "id" : "2432400",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2432400"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-617",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nlibceph: replace overzealous BUG_ON in osdmap_apply_incremental()\nIf the osdmap is (maliciously) corrupted such that the incremental\nosdmap epoch is different from what is expected, there is no need to\nBUG.  Instead, just declare the incremental osdmap to be invalid." ],
  "statement" : "This is a reachable kernel BUG triggered by malformed (or maliciously corrupted) Ceph incremental OSD map data: an unexpected epoch value could hit a BUG_ON() and panic the kernel. The trigger is received over the Ceph protocol in established Ceph sessions (i.e., within the trusted/authorized cluster communication model), but it breaks that model by allowing a peer to cause a hard host crash.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:25120",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.132.1.rt7.473.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:25121",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.132.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26563",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "kernel-0:4.18.0-477.147.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26563",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "kernel-0:4.18.0-477.147.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19568",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-687.10.1.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-687.10.1.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26515",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.176.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26462",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.176.1.rt14.461.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27735",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.4",
    "package" : "kernel-0:5.14.0-427.132.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-06-11T00:00:00Z",
    "advisory" : "RHSA-2026:25218",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "kernel-0:5.14.0-570.120.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-22990\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-22990\nhttps://lore.kernel.org/linux-cve-announce/2026012351-CVE-2026-22990-a62e@gregkh/T" ],
  "name" : "CVE-2026-22990",
  "mitigation" : {
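    "value" : "If Ceph is not in use on the host, the affected code can be disabled. To mitigate this issue, prevent the libceph module from being loaded; the kernel CephFS (ceph) and RBD (rbd) clients depend on libceph, so this applies only to hosts that do not use them. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",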
    "lang" : "en:us"
  },
  "csaw" : false
}