CVE-2022-49296

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 26/02/2025
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ceph: fix possible deadlock when holding Fwb to get inline_data

1, mount with wsync.
2, create a file with O_RDWR, and the request was sent to mds.0:

    ceph_atomic_open()-->
      ceph_mdsc_do_request(openc)
      finish_open(file, dentry, ceph_open)-->
        ceph_open()-->
          ceph_init_file()-->
            ceph_init_file_info()-->
              ceph_uninline_data()-->
              {
                ...
                if (inline_version == 1 || /* initial version, no data */
                    inline_version == CEPH_INLINE_NONE)
                      goto out_unlock;
                ...
              }

The inline_version will be 1, which is the initial version for the
newly created file. And here the ci->i_inline_version will keep with 1,
it's buggy.

3, buffer write to the file immediately:

    ceph_write_iter()-->
      ceph_get_caps(file, need=Fw, want=Fb, ...);
      generic_perform_write()-->
        a_ops->write_begin()-->
          ceph_write_begin()-->
            netfs_write_begin()-->
              netfs_begin_read()-->
                netfs_rreq_submit_slice()-->
                  netfs_read_from_server()-->
                    rreq->netfs_ops->issue_read()-->
                      ceph_netfs_issue_read()-->
                      {
                        ...
                        if (ci->i_inline_version != CEPH_INLINE_NONE &&
                            ceph_netfs_issue_op_inline(subreq))
                              return;
                        ...
                      }
      ceph_put_cap_refs(ci, Fwb);

The ceph_netfs_issue_op_inline() will send a getattr(Fsr) request to
mds.1.

4, then the mds.1 will request the rd lock for CInode::filelock from
the auth mds.0, the mds.0 will do the CInode::filelock state transition
from excl --> sync, but it needs to revoke the Fxwb caps back from the
clients.

While the kernel client has already held the Fwb caps and is waiting for
the getattr(Fsr).

It's deadlock!

URL: https://tracker.ceph.com/issues/55377

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.34 (including) | 5.18.4 (excluding)
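
The following exposure check is an added example, not part of the advisory or the kernel patch: it compares a kernel release string against the version range listed above and lists CephFS kernel mounts that do not carry the nowsync option. The function names are hypothetical, and two assumptions apply: a ceph mount without nowsync is treated as operating with wsync (set explicitly or by default), and a release string inside the range says nothing about distribution backports of the fix.

```shell
#!/bin/sh
# Added example: exposure check for CVE-2022-49296 (not the advisory's code).

# Print "major minor patch" for a release string such as 5.15.0-91-generic.
split_ver() {
    v=${1%%[!0-9.]*}              # drop "-91-generic", "+", "-rc1", ...
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0}"
}

# Succeeds when version $1 is strictly lower than version $2.
ver_lt() {
    set -- $(split_ver "$1") $(split_ver "$2")
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Range from the advisory: 2.6.34 (including) up to 5.18.4 (excluding).
in_affected_range() {
    ! ver_lt "$1" 2.6.34 && ver_lt "$1" 5.18.4
}

# Print mount points of ceph mounts whose options lack "nowsync".
# Assumption: such mounts use synchronous metadata operations (wsync).
ceph_sync_mounts() {
    awk '$3 == "ceph" && ("," $4 ",") !~ /,nowsync,/ { print $2 }' \
        "${1:-/proc/mounts}"
}

main() {
    rel=$(uname -r)
    if in_affected_range "$rel"; then
        echo "kernel $rel: inside the advisory range (backports not considered)"
    else
        echo "kernel $rel: outside the advisory range"
    fi
    [ -r /proc/mounts ] || return 0
    ceph_sync_mounts /proc/mounts | while read -r mp; do
        echo "ceph mount without nowsync: $mp"
    done
}
main
```

A host is worth a closer look only when both checks report a hit; the vendor's changelog is the authority on whether the fix was backported.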