CVE-2024-26689

2024-04-0300:00:00

ubuntu.com

linux kernel

ceph

vulnerability

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

In the Linux kernel, the following vulnerability has been resolved: ceph:
prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in
encode_cap_msg(), “use after free” error was caught by KASAN at this line -
‘ceph_buffer_get(arg->xattr_buf);’. This implies before the refcount could
be increment here, it was freed. In same file, in “handle_cap_grant()”
refcount is decremented by this line -
‘ceph_buffer_put(ci->i_xattrs.blob);’. It appears that a race occurred and
resource was freed by the latter line before the former line could
increment it. encode_cap_msg() is called by __send_cap() and __send_cap()
is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is
where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot
where the refcount must be increased to prevent “use after free” error.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< 5.15.0-106.116UNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu14.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1061.67UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-106.116	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	14.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1061.67	UNKNOWN