CVE-2024-26689

Updated: 2025-01-14 17:56:08.535633

Description:

In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in "handle_cap_grant()" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent "use after free" error.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2025:1743193221 2025-02-05 02:16:15
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2025-02-12 06:34:46
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1738672047 2025-03-03 22:02:43
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1739525834 2025-02-14 23:54:20
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1739525795 2025-02-14 23:54:21
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1738592614 2025-02-04 02:14:05
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2025-02-12 06:34:46
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Ignored 2025-02-26 07:12:50
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2025-02-12 06:34:46
Oracle Linux 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1742322442 2025-03-25 03:29:05
Total: 15