U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2026-22991 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map() resilient to partial allocation free_choose_arg_map() may dereference a NULL pointer if its caller fails after a partial allocation. For example, in decode_choose_args(), if allocation of arg_map->args fails, execution jumps to the fail label and free_choose_arg_map() is called. Since arg_map->size is updated to a non-zero value before memory allocation, free_choose_arg_map() will iterate over arg_map->args and dereference a NULL pointer. To prevent this potential NULL pointer dereference and make free_choose_arg_map() more resilient, add checks for pointers before iterating.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/8081faaf089db5280c3be820948469f7c58ef8dd kernel.org Patch 
https://git.kernel.org/stable/c/851241d3f78a5505224dc21c03d8692f530256b4 kernel.org Patch 
https://git.kernel.org/stable/c/9b3730dabcf3764bfe3ff07caf55e641a0b45234 kernel.org Patch 
https://git.kernel.org/stable/c/c4c2152a858c0ce4d2bff6ca8c1d5b0ef9f2cbdf kernel.org Patch 
https://git.kernel.org/stable/c/e3fe30e57649c551757a02e1cad073c47e1e075e kernel.org Patch 
https://git.kernel.org/stable/c/ec1850f663da64842614c86b20fe734be070c2ba kernel.org Patch 
https://git.kernel.org/stable/c/f21c3fdb96833aac2f533506899fe38c19cf49d5 kernel.org Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-476 NULL Pointer Dereference cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2026-22991
NVD Published Date:
01/23/2026
NVD Last Modified:
04/27/2026
Source:
kernel.org