CVE-2024-26689

Updated: 2025-01-14 17:56:08.535633

Description:

In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in "handle_cap_grant()" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent "use after free" error.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2025:1738671431 2025-02-05 02:16:14
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Released CLSA-2025:1738670922 2025-02-05 02:16:15
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Needs Triage 2025-01-14 13:46:58
CentOS 7 ELS kernel 3.10.0 7.8 HIGH In Rollout CLSA-2025:1738672047 2025-02-05 02:16:13
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH In Progress 2025-02-07 06:36:28
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Needs Triage 2025-01-14 13:47:03
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1738592614 2025-02-04 02:14:05
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Needs Triage 2025-01-14 13:46:59
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Needs Triage 2025-01-14 13:47:10
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Needs Triage 2025-01-14 13:47:07
Total: 14