CVE-2026-23201
Medium
Low
Medium
High
Critical
5.5
CVSS Score
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
ceph: fix oops due to invalid pointer for kfree() in parse_longname()
This fixes a kernel oops when reading ceph snapshot directories (.snap),
for example by simply running `ls /mnt/my_ceph/.snap`.
The variable str is guarded by __free(kfree), but advanced by one for
skipping the initial '_' in snapshot names. Thus, kfree() is called
with an invalid pointer. This patch removes the need for advancing the
pointer so kfree() is called with correct memory pointer.
Steps to reproduce:
1. Create snapshots on a cephfs volume (I've 63 snaps in my testcase)
2. Add cephfs mount to fstab
$ echo "samba-fileserver@.files=/volumes/datapool/stuff/3461082b-ecc9-4e82-8549-3fd2590d3fb6 /mnt/test/stuff ceph acl,noatime,_netdev 0 0" >> /etc/fstab
3. Reboot the system
$ systemctl reboot
4. Check if it's really mounted
$ mount | grep stuff
5. List snapshots (expected 63 snapshots on my system)
$ ls /mnt/test/stuff/.snap
Now ls hangs forever and the kernel log shows the oops.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
L
Attack Complexity
L
Privileges Required
L
User Interaction
N
Scope
U
Confidentiality
N
Integrity
N
Availability
H
Known Affected Software
59 configuration(s) from 1 vendor(s)
linux_kernel
Version:
6.12.67
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.67:*:*:*:*:*:*:*
linux_kernel
Version:
6.17.1
CPE:
cpe:2.3:o:linux:linux_kernel:6.17.1:*:*:*:*:*:*:*
linux_kernel
Version:
6.16.8
CPE:
cpe:2.3:o:linux:linux_kernel:6.16.8:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.55
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.55:*:*:*:*:*:*:*
linux_kernel
Version:
6.18
CPE:
cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*
linux_kernel
Version:
6.17.10
CPE:
cpe:2.3:o:linux:linux_kernel:6.17.10:*:*:*:*:*:*:*
linux_kernel
Version:
6.17.12
CPE:
cpe:2.3:o:linux:linux_kernel:6.17.12:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.53
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.53:*:*:*:*:*:*:*
linux_kernel
Version:
6.15.10
CPE:
cpe:2.3:o:linux:linux_kernel:6.15.10:*:*:*:*:*:*:*
linux_kernel
Version:
6.17.8
CPE:
cpe:2.3:o:linux:linux_kernel:6.17.8:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.60
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.60:*:*:*:*:*:*:*
linux_kernel
Version:
6.17.11
CPE:
cpe:2.3:o:linux:linux_kernel:6.17.11:*:*:*:*:*:*:*
linux_kernel
Version:
6.16.11
CPE:
cpe:2.3:o:linux:linux_kernel:6.16.11:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.52
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.52:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.62
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.62:*:*:*:*:*:*:*
linux_kernel
Version:
6.18.3
CPE:
cpe:2.3:o:linux:linux_kernel:6.18.3:*:*:*:*:*:*:*
linux_kernel
Version:
6.17.6
CPE:
cpe:2.3:o:linux:linux_kernel:6.17.6:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.44
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.44:*:*:*:*:*:*:*
linux_kernel
Version:
6.17.2
CPE:
cpe:2.3:o:linux:linux_kernel:6.17.2:*:*:*:*:*:*:*
linux_kernel
Version:
6.17.9
CPE:
cpe:2.3:o:linux:linux_kernel:6.17.9:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.47
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.47:*:*:*:*:*:*:*
linux_kernel
Version:
6.16.7
CPE:
cpe:2.3:o:linux:linux_kernel:6.16.7:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.56
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.56:*:*:*:*:*:*:*
linux_kernel
Version:
6.16.2
CPE:
cpe:2.3:o:linux:linux_kernel:6.16.2:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.49
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.49:*:*:*:*:*:*:*
linux_kernel
Version:
6.15.11
CPE:
cpe:2.3:o:linux:linux_kernel:6.15.11:*:*:*:*:*:*:*
linux_kernel
Version:
6.16.5
CPE:
cpe:2.3:o:linux:linux_kernel:6.16.5:*:*:*:*:*:*:*
linux_kernel
Version:
6.16.12
CPE:
cpe:2.3:o:linux:linux_kernel:6.16.12:*:*:*:*:*:*:*
linux_kernel
Version:
6.17.5
CPE:
cpe:2.3:o:linux:linux_kernel:6.17.5:*:*:*:*:*:*:*
linux_kernel
Version:
6.16.1
CPE:
cpe:2.3:o:linux:linux_kernel:6.16.1:*:*:*:*:*:*:*
linux_kernel
Version:
6.16.9
CPE:
cpe:2.3:o:linux:linux_kernel:6.16.9:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.58
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.58:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.59
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.59:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.68
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.68:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.42
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.42:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.46
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.46:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.54
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.54:*:*:*:*:*:*:*
linux_kernel
Version:
6.16.3
CPE:
cpe:2.3:o:linux:linux_kernel:6.16.3:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.50
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.50:*:*:*:*:*:*:*
linux_kernel
Version:
6.18.8
CPE:
cpe:2.3:o:linux:linux_kernel:6.18.8:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.51
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.51:*:*:*:*:*:*:*
linux_kernel
Version:
6.17
CPE:
cpe:2.3:o:linux:linux_kernel:6.17:-:*:*:*:*:*:*
linux_kernel
Version:
6.18.7
CPE:
cpe:2.3:o:linux:linux_kernel:6.18.7:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.45
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.45:*:*:*:*:*:*:*
linux_kernel
Version:
6.17.4
CPE:
cpe:2.3:o:linux:linux_kernel:6.17.4:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.43
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.43:*:*:*:*:*:*:*
linux_kernel
Version:
6.16.10
CPE:
cpe:2.3:o:linux:linux_kernel:6.16.10:*:*:*:*:*:*:*
linux_kernel
Version:
6.18.2
CPE:
cpe:2.3:o:linux:linux_kernel:6.18.2:*:*:*:*:*:*:*
linux_kernel
Version:
6.17.13
CPE:
cpe:2.3:o:linux:linux_kernel:6.17.13:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.61
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.61:*:*:*:*:*:*:*
linux_kernel
Version:
6.16.4
CPE:
cpe:2.3:o:linux:linux_kernel:6.16.4:*:*:*:*:*:*:*
linux_kernel
Version:
6.19
CPE:
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
linux_kernel
Version:
6.12.63
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.63:*:*:*:*:*:*:*
linux_kernel
Version:
6.17.3
CPE:
cpe:2.3:o:linux:linux_kernel:6.17.3:*:*:*:*:*:*:*
linux_kernel
Version:
6.17.7
CPE:
cpe:2.3:o:linux:linux_kernel:6.17.7:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.57
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.57:*:*:*:*:*:*:*
linux_kernel
Version:
6.16.6
CPE:
cpe:2.3:o:linux:linux_kernel:6.16.6:*:*:*:*:*:*:*
linux_kernel
Version:
6.18.1
CPE:
cpe:2.3:o:linux:linux_kernel:6.18.1:*:*:*:*:*:*:*
linux_kernel
Version:
6.12.48
CPE:
cpe:2.3:o:linux:linux_kernel:6.12.48:*:*:*:*:*:*:*
This vulnerability affects 59 software configuration(s). Ensure you patch all affected systems.
SUSE
CVE-2026-23201
CVE-2026-23201
Severity
Unknown
Released
Mar 05, 2026
Restart Required
Security Update
References & Resources
-
https://git.kernel.org/stable/c/8c9af7339de419819cfc641d551675d38ff99abf416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
-
https://git.kernel.org/stable/c/bc8dedae022ce3058659c3addef3ec4b41d15e00416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
-
https://git.kernel.org/stable/c/e258ed369c9e04caa7d2fd49785d753ae4034cb6416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
Severity Details
5.5
out of 10.0
Medium
Weakness Type (CWE)
CWE-476
Top 25 #21
NULL Pointer Dereference
- Description
- The product dereferences a pointer that it expects to be valid but is NULL.
- Exploit Likelihood
- Medium
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- February 14, 2026
