2923 matches found
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ceph: Messages from MDS are dropped when unmounting When unmounting, all dirty buffers will be flushed. After the last osd request is completed, the last reference to icount will be released. Then, the dirty buffers will be flush...
Astra Linux – Vulnerability in Ceph
A flaw was discovered in the Red Hat Ceph Storage RGW in versions prior to 14.2.21. When processing a GET request for a swift URL that ends with two slashes, it can cause the rgw component to crash, resulting in a denial of service. The most significant threat to the system is its availability...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: Fix for oops due to invalid pointer for kfree in parselongname This fix addresses a kernel oops that occurs when reading ceph snapshot directories .snap, for example, by simply running ls /mnt/myceph/.snap. The variable str...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscryptencryptpagecacheblocks error The function movedirtyfolioinpagearray was created by the commit ce80b76dd327 "ceph: introduce cephprocessfoliobatch method". The code for this function was moved from...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the reference leak The commit 20d72b00ca81 “netfs: Fix the request’s work item to not require a ref” modifies the netfsallocrequest function to initialize the reference counter to 2 instead of 1. The rationale is that...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: Always call cephShiftUnusedFoliosLeft The function cephProcessFolioBatch sets the folioBatch entries to NULL, which is an illegal state. Before folioBatchRelease crashes due to this API violation, the function...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ceph: The “use after free” error was detected by KASAN at the line cephbuffergetarg-xattrbuf;. This means that the reference count could not be incremented before the memory was freed. In the same file, in the handlecapgrant...
Astra Linux – Vulnerability in Ceph
A flaw was discovered in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser’s localStorage, which is potentially vulnerable to attacks via XSS attacks. The most significant threat of this vulnerability is related to data...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netfs: Fixed a race condition between cache write completion and the setting of ALLQUEUED. When netfslib issues subrequests, these subrequests start processing immediately and may complete before we reach the end of the issuing...
Astra Linux – Vulnerability in Ceph
A key length flaw was discovered in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed during the encryption algorithm process, resulting in the creation of a non-random key. Such a key is weaker and can be exploited to compromise the confidentiality...
Astra Linux – Vulnerability in Ceph
IBM Spectrum Fusion HCI versions 2.5.2 through 2.7.2 may allow attackers to perform unauthorized actions in the RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807...
Astra Linux – Vulnerability in Ceph
A flaw was discovered in Ceph versions prior to 16.y.z, where Ceph stores mgr module passwords in plain text. This can be identified by searching the mgr logs using Grafana and the dashboard, as the passwords are visible...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: The reference to cephstring should be placed correctly after the asynccreate attempt. The reference obtained by tryprepasynccreate is currently being leaked. Ensure that we place this reference correctly...
Astra Linux – Vulnerability in Ceph
A privilege escalation flaw was discovered in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root through a crash dump, thereby exposing privileged information...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: Do not propagate page array placement errors as batch errors When fscrypt is enabled, movedirtyfolioinpagearray may fail because it needs to allocate bounce buffers to store the encrypted versions of each folio. Each folio...
Astra Linux – Vulnerability in Ceph
A flaw was discovered in Red Hat Ceph Storage 4, within the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for documentation purposes, which again exposes them to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: libceph: Use u32 for non-negative values in cephmonmapDecode This patch fixes unnecessary implicit conversions that change the signedness of bloblen and nummon in cephmonmapDecode. Currently, bloblen and nummon are signed int...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ceph: Avoid putting the realm twice when decoding snaps fails. When decoding snaps fails, it might leave the firstrealm and realm pointing to the same snaprealm memory. Doing so could lead to random use-after-free issues, BUGON,...
Astra Linux – Vulnerability in Linux 5.15
A issue was discovered in the net/ceph/messengerv2.c file within the Linux kernel before version 6.4.5. There is an integer signedness error, which leads to a buffer overflow and remote code execution via the HELLO command or one of the AUTH frames. This occurs due to an untrusted length value...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ceph: fixed a deadlock or deadcode issue caused by misuse of dget. The lock order between denty and its parent is incorrect; we should always ensure that the parent gets the lock first. However, since this deadcode is never used,...