PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46024 Linux CVE debrief

A null pointer dereference vulnerability exists in the Linux kernel's libceph component within the ceph_handle_auth_reply() function. The flaw occurs when a CEPH_MSG_AUTH_REPLY message contains zero values for both protocol and result fields. Under specific conditions—when ac->negotiating is true and ac->protocol is greater than zero—the code sets ac->protocol to 0 and ac->ops to NULL. The existing check ac->protocol != protocol then evaluates to false, preventing init_protocol() from being called. Subsequently, ac->ops->handle_reply() is invoked on the NULL ac->ops pointer, causing a null pointer dereference. The fix changes the validation logic to !ac->protocol, which properly catches the zero-protocol case and treats such messages as containing a bad authentication protocol, preventing the unsafe dereference.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Linux system administrators operating Ceph storage clusters; security teams monitoring kernel-level vulnerabilities in distributed storage infrastructure; organizations relying on Ceph for software-defined storage requiring authentication integrity

Technical summary

The vulnerability resides in net/ceph/auth.c in the ceph_handle_auth_reply() function. When processing CEPH_MSG_AUTH_REPLY messages, insufficient validation of zero-value protocol fields combined with specific state conditions (ac->negotiating == true, ac->protocol > 0) leads to NULL pointer dereference through ac->ops->handle_reply(). The fix modifies the protocol validation check from ac->protocol != protocol to !ac->protocol, ensuring zero-protocol messages are rejected as invalid before dereference occurs. Multiple stable kernel commits indicate backporting to affected versions.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the fix for CVE-2026-46024 when available from your Linux distribution
  • Monitor NVD for CVSS scoring and severity assignment as vulnerability analysis progresses
  • Review Ceph cluster authentication configurations for defense in depth
  • Validate kernel patch application through standard change management procedures

Evidence notes

Vulnerability description sourced from official CVE record and NVD entry. Patch commits identified in kernel.org stable repository. No CVSS score or severity rating currently assigned by NVD (status: Awaiting Analysis). No CISA KEV listing. Vendor attribution to Linux kernel based on source code references.

Official resources

2026-05-27