CVE-2026-23136 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a separate state machine, largely independent of the messenger's state. If a connection is lost mid-payload or the sparse-read state machine returns an error, the sparse-read state is not reset. The OSD client will then interpret the beginning of a new reply as the continuation of the old one. If this makes the sparse-read machinery enter a failure state, it may never recover, producing loops like: libceph: [0] got 0 extents libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read Therefore, reset the sparse-read state in osd_fault(), ensuring retries start from a clean state.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/10b7c72810364226f7b27916ea3e2a4f870bc04b
https://git.kernel.org/stable/c/11194b416ef95012c2cfe5f546d71af07b639e93
https://git.kernel.org/stable/c/90a60fe61908afa0eaf7f8fcf1421b9b50e5f7ff
https://git.kernel.org/stable/c/e94075e950a6598e710b9f7dffea5aa388f40313
https://lore.kernel.org/linux-cve-announce/2026021428-CVE-2026-23136-f28c@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23136
https://www.cve.org/CVERecord?id=CVE-2026-23136

History

Mon, 16 Feb 2026 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026021428-CVE-2026-23136-f28c@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23136 https://www.cve.org/CVERecord?id=CVE-2026-23136
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Sat, 14 Feb 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a separate state machine, largely independent of the messenger's state. If a connection is lost mid-payload or the sparse-read state machine returns an error, the sparse-read state is not reset. The OSD client will then interpret the beginning of a new reply as the continuation of the old one. If this makes the sparse-read machinery enter a failure state, it may never recover, producing loops like: libceph: [0] got 0 extents libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read Therefore, reset the sparse-read state in osd_fault(), ensuring retries start from a clean state.
Title		libceph: reset sparse-read state in osd_fault()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/10b7c72810364226f7b27916ea3e2a4f870bc04b https://git.kernel.org/stable/c/11194b416ef95012c2cfe5f546d71af07b639e93 https://git.kernel.org/stable/c/90a60fe61908afa0eaf7f8fcf1421b9b50e5f7ff https://git.kernel.org/stable/c/e94075e950a6598e710b9f7dffea5aa388f40313

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-14T15:22:21.952Z

Updated: 2026-02-14T15:22:21.952Z

Reserved: 2026-01-13T15:37:45.971Z

Link: CVE-2026-23136

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-02-14T16:15:53.590

Modified: 2026-02-18T17:52:44.520

Link: CVE-2026-23136

Redhat

Severity : Important

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23136 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object