github - ghsa-fwq5-vg2m-5cr5

ghsa-fwq5-vg2m-5cr5

Vulnerability from github

Published

2024-05-21 18:31

Modified

2024-05-21 18:31

Details

In the Linux kernel, the following vulnerability has been resolved:

ceph: blocklist the kclient when receiving corrupted snap trace

When received corrupted snap trace we don't know what exactly has happened in MDS side. And we shouldn't continue IOs and metadatas access to MDS, which may corrupt or get incorrect contents.

This patch will just block all the further IO/MDS requests immediately and then evict the kclient itself.

The reason why we still need to evict the kclient just after blocking all the further IOs is that the MDS could revoke the caps faster.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52732"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:13Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: blocklist the kclient when receiving corrupted snap trace\n\nWhen received corrupted snap trace we don\u0027t know what exactly has\nhappened in MDS side. And we shouldn\u0027t continue IOs and metadatas\naccess to MDS, which may corrupt or get incorrect contents.\n\nThis patch will just block all the further IO/MDS requests\nimmediately and then evict the kclient itself.\n\nThe reason why we still need to evict the kclient just after\nblocking all the further IOs is that the MDS could revoke the caps\nfaster.",
  "id": "GHSA-fwq5-vg2m-5cr5",
  "modified": "2024-05-21T18:31:19Z",
  "published": "2024-05-21T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52732"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/66ec619e4591f8350f99c5269a7ce160cccc7a7c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a68e564adcaa69b0930809fb64d9d5f7d9c32ba9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2023-52732

Vulnerability from cvelistv5

Published

2024-05-21 15:22

Modified

2024-08-02 23:11

Severity

Summary

ceph: blocklist the kclient when receiving corrupted snap trace

References

URL	Tags
https://git.kernel.org/stable/c/66ec619e4591f8350f99c5269a7ce160cccc7a7c
https://git.kernel.org/stable/c/a68e564adcaa69b0930809fb64d9d5f7d9c32ba9

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52732",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T17:31:40.303033Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:23:22.758Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:35.612Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/66ec619e4591f8350f99c5269a7ce160cccc7a7c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a68e564adcaa69b0930809fb64d9d5f7d9c32ba9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ceph/addr.c",
            "fs/ceph/caps.c",
            "fs/ceph/file.c",
            "fs/ceph/mds_client.c",
            "fs/ceph/snap.c",
            "fs/ceph/super.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "66ec619e4591",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "a68e564adcaa",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ceph/addr.c",
            "fs/ceph/caps.c",
            "fs/ceph/file.c",
            "fs/ceph/mds_client.c",
            "fs/ceph/snap.c",
            "fs/ceph/super.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.13",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: blocklist the kclient when receiving corrupted snap trace\n\nWhen received corrupted snap trace we don\u0027t know what exactly has\nhappened in MDS side. And we shouldn\u0027t continue IOs and metadatas\naccess to MDS, which may corrupt or get incorrect contents.\n\nThis patch will just block all the further IO/MDS requests\nimmediately and then evict the kclient itself.\n\nThe reason why we still need to evict the kclient just after\nblocking all the further IOs is that the MDS could revoke the caps\nfaster."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:16:19.725Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/66ec619e4591f8350f99c5269a7ce160cccc7a7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/a68e564adcaa69b0930809fb64d9d5f7d9c32ba9"
        }
      ],
      "title": "ceph: blocklist the kclient when receiving corrupted snap trace",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52732",
    "datePublished": "2024-05-21T15:22:57.926Z",
    "dateReserved": "2024-05-21T15:19:24.232Z",
    "dateUpdated": "2024-08-02T23:11:35.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.