CVE-2024-56564
ceph: pass cred pointer to ceph_mds_auth_match()
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
27 Dec 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
ceph: pass cred pointer to ceph_mds_auth_match()
This eliminates a redundant get_current_cred() call, because
ceph_mds_check_access() has already obtained this pointer.
As a side effect, this also fixes a reference leak in
ceph_mds_auth_match(): by omitting the get_current_cred() call, no
additional cred reference is taken.
Affected products
Linux · Linux