ceph: fix potential use-after-free bug when trimming caps
3Vexday Risk Score
No sign of exploitation. No public exploitation artifact known so far.
ssvc Trackepss 0.2%
exploitation probability
0.2%top 94% of all CVEs
observed exploitation
nono source reports it
In the Linux kernel, the following vulnerability has been resolved:
ceph: fix potential use-after-free bug when trimming caps
When trimming the caps and just after the 'session->s_cap_lock' is
released in ceph_iterate_session_caps() the cap maybe removed by
another thread, and when using the stale cap memory in the callbacks
it will trigger use-after-free crash.
We need to check the existence of the cap just after the 'ci->i_ceph_lock'
being acquired. And do nothing if it's already removed.
Affected products
Linux · Linux