cve 2026 22984

CVE-2026-22984 is a security vulnerability in the Linux kernel's Ceph client library (libceph) that involves a missing bounds check during authentication processing. The flaw could allow an out-of-bounds read when handling authentication payloads. A patch was released on 23 January 2026 that adds an explicit length check in the handle_auth_done() and process_auth_done() functions. This tag covers discussions about the vulnerability, its impact on systems using Ceph for distributed storage, and the kernel fix. It is relevant for Linux system administrators, security researchers, and anyone managing Ceph deployments who needs to understand and apply the update.