LinuxVULNRICHMENT:CVE-2023-52732CVE-2023-52732 ceph: blocklist the kclient when receiving corrupted snap trace
AI Score
Confidence
Low
EPSS
Percentile
9.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
In the Linux kernel, the following vulnerability has been resolved:
ceph: blocklist the kclient when receiving corrupted snap trace
When received corrupted snap trace we don’t know what exactly has
happened in MDS side. And we shouldn’t continue IOs and metadatas
access to MDS, which may corrupt or get incorrect contents.
This patch will just block all the further IO/MDS requests
immediately and then evict the kclient itself.
The reason why we still need to evict the kclient just after
blocking all the further IOs is that the MDS could revoke the caps
faster.
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/ceph/addr.c",
"fs/ceph/caps.c",
"fs/ceph/file.c",
"fs/ceph/mds_client.c",
"fs/ceph/snap.c",
"fs/ceph/super.h"
],
"versions": [
{
"version": "1da177e4c3f4",
"lessThan": "66ec619e4591",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "a68e564adcaa",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/ceph/addr.c",
"fs/ceph/caps.c",
"fs/ceph/file.c",
"fs/ceph/mds_client.c",
"fs/ceph/snap.c",
"fs/ceph/super.h"
],
"versions": [
{
"version": "6.1.13",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]Related
AI Score
Confidence
Low
EPSS
Percentile
9.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial