CVE-2026-23201

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's Ceph implementation where an invalid pointer is passed to the kfree() function within the parse longname() function. This occurs when reading Ceph snapshot directories, such as by running ls /mnt/my ceph/.snap, leading to a kernel oops. The issue arises because a pointer is advanced incorrectly before being passed to kfree(), resulting in the function operating on invalid memory. Reproducing the issue involves creating Ceph snapshots, mounting the Ceph filesystem, and then listing the snapshots using the ls command.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2026-23201

OESA-2026-1642

OESA-2026-1643

OESA-2026-1644

OPENSUSE-SU-2026:20572-1

SUSE-SU-2026:1573-1

SUSE-SU-2026:1661-1

SUSE-SU-2026:21114-1

SUSE-SU-2026:21123-1

SUSE-SU-2026:21237-1

SUSE-SU-2026:21255-1

SUSE-SU-2026:21352-1

SUSE-SU-2026:21361-1

Affected Products

Ceph

Linux Kernel

CVE-2026-23201

Weakness Enumeration

Related Identifiers

Affected Products

References · 237