Primary

Context

Linux Kernel CephFS NULL Pointer Dereference Vulnerability in MDS Authentication

Vulnerability

Patched

A NULL pointer dereference vulnerability has been identified in the CephFS kernel client of the Linux kernel, specifically in versions 6.18-rc1 and later. The issue arises in the 'ceph_mds_auth_match()' function when the file system name is NULL. This vulnerability can lead to a denial of service by causing a kernel crash.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a kernel crash and disrupting system operations.

Reproduction

To reproduce this vulnerability, mount a CephFS file system using a kernel version 6.18-rc1 or later, and do not specify the 'mds_namespace' option. This will result in the 'fs_name' variable being NULL when 'ceph_mds_auth_match()' is called, causing a NULL pointer dereference.

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been fixed.

Added: Feb 14, 2026, 5:31 PM

Updated: Feb 14, 2026, 5:31 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

7.7

relevance

2.8

threat

4.8

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

7.7

relevance

2.8

threat

4.8

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel CephFS NULL Pointer Dereference Vulnerability in MDS Authentication

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating