Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
ceph: fix potential use-after-free bug when trimming caps
When trimming the caps and just after the ‘session->s_cap_lock’ is released in ceph_iterate_session_caps() the cap maybe removed by another thread, and when using the stale cap memory in the callbacks it will trigger use-after-free crash.
We need to check the existence of the cap just after the ‘ci->i_ceph_lock’ being acquired. And do nothing if it’s already removed.
Details
- Affected product:
- AlmaLinux 9.2 ESU , CentOS 8.4 ELS , CentOS 8.5 ELS , CentOS Stream 8 ELS , TuxCare 9.6 ESU
- Affected packages:
- kernel @ 4.18.0 (+4 more)
In the Linux kernel, the following vulnerability has been resolved:
ceph: fix potential use-after-free bug when trimming caps
When trimming the caps and just after the ‘session->s_cap_lock’ is released in ceph_iterate_session_caps() the cap maybe removed by another thread, and when using the stale cap memory in the callbacks it will trigger use-after-free crash.
We need to check the existence of the cap just after the ‘ci->i_ceph_lock’ being acquired. And do nothing if it’s already removed.