Home

Description

In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map() resilient to partial allocation free_choose_arg_map() may dereference a NULL pointer if its caller fails after a partial allocation. For example, in decode_choose_args(), if allocation of arg_map->args fails, execution jumps to the fail label and free_choose_arg_map() is called. Since arg_map->size is updated to a non-zero value before memory allocation, free_choose_arg_map() will iterate over arg_map->args and dereference a NULL pointer. To prevent this potential NULL pointer dereference and make free_choose_arg_map() more resilient, add checks for pointers before iterating.

PUBLISHED Reserved 2026-01-13 | Published 2026-01-23 | Updated 2026-02-09 | Assigner Linux

Product status

Default status
unaffected

5cf9c4a9959b6273675310d14a834ef14fbca37c (git) before 9b3730dabcf3764bfe3ff07caf55e641a0b45234
affected

5cf9c4a9959b6273675310d14a834ef14fbca37c (git) before 851241d3f78a5505224dc21c03d8692f530256b4
affected

5cf9c4a9959b6273675310d14a834ef14fbca37c (git) before ec1850f663da64842614c86b20fe734be070c2ba
affected

5cf9c4a9959b6273675310d14a834ef14fbca37c (git) before 8081faaf089db5280c3be820948469f7c58ef8dd
affected

5cf9c4a9959b6273675310d14a834ef14fbca37c (git) before c4c2152a858c0ce4d2bff6ca8c1d5b0ef9f2cbdf
affected

5cf9c4a9959b6273675310d14a834ef14fbca37c (git) before f21c3fdb96833aac2f533506899fe38c19cf49d5
affected

5cf9c4a9959b6273675310d14a834ef14fbca37c (git) before e3fe30e57649c551757a02e1cad073c47e1e075e
affected

Default status
affected

4.13
affected

Any version before 4.13
unaffected

5.10.248 (semver)
unaffected

5.15.198 (semver)
unaffected

6.1.161 (semver)
unaffected

6.6.121 (semver)
unaffected

6.12.66 (semver)
unaffected

6.18.6 (semver)
unaffected

6.19 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/9b3730dabcf3764bfe3ff07caf55e641a0b45234

git.kernel.org/...c/851241d3f78a5505224dc21c03d8692f530256b4

git.kernel.org/...c/ec1850f663da64842614c86b20fe734be070c2ba

git.kernel.org/...c/8081faaf089db5280c3be820948469f7c58ef8dd

git.kernel.org/...c/c4c2152a858c0ce4d2bff6ca8c1d5b0ef9f2cbdf

git.kernel.org/...c/f21c3fdb96833aac2f533506899fe38c19cf49d5

git.kernel.org/...c/e3fe30e57649c551757a02e1cad073c47e1e075e

cve.org (CVE-2026-22991)

nvd.nist.gov (CVE-2026-22991)

Download JSON