CVE-2026-22991 — NULL Pointer Dereference in Linux
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.0%
top 99.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 23
Latest updateApr 13
Description
In the Linux kernel, the following vulnerability has been resolved:
libceph: make free_choose_arg_map() resilient to partial allocation
free_choose_arg_map() may dereference a NULL pointer if its caller fails
after a partial allocation.
For example, in decode_choose_args(), if allocation of arg_map->args
fails, execution jumps to the fail label and free_choose_arg_map() is
called. Since arg_map->size is updated to a non-zero value before memory
allocation, free_choose_arg_map() will iterate o…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages6 packages
▶CVEListV5linux/linux5cf9c4a9959b6273675310d14a834ef14fbca37c — 9b3730dabcf3764bfe3ff07caf55e641a0b45234+7
Patches
🔴Vulnerability Details
9OSV▶
linux-aws-5.15, linux-gcp-5.15, linux-gke, linux-hwe-5.15, linux-intel-iotg-5.15, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities↗2026-03-17