CVE-2024-42232

Severity CVSS v4.0: Pending analysis
Type: CWE-416 Use After Free
Publication date: 07/08/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

libceph: fix race between delayed_work() and ceph_monc_stop()

The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs -- __close_session() doesn't mess with the delayed work in order to avoid interfering with the hunting interval logic. This part was missed in commit b5d91704f53e ("libceph: behave in mon_fault() if cur_mon auth and monc->monmap being particularly susceptible to quickly being reused.

To fix this:

- clear monc->cur_mon and monc->hunting as part of closing the session in ceph_monc_stop()
- bail from delayed_work() if monc->cur_mon is cleared, similar to how it's done in mon_fault() and finish_hunting() (based on monc->hunting)
- call cancel_delayed_work_sync() after the session is closed
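The ordering change described above, as an added example that is not part of the advisory or of the kernel patch: a single-threaded user-space C model that injects one requeueing event at each point of the stop sequence and reports whether work is still queued afterwards. Every `*_model` name, the `slot` injection scheme and the simplified bail condition are assumptions made for illustration.

```c
/* User-space model constructed for illustration; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct monc_model {
    int  cur_mon;      /* < 0 means the session is closed */
    bool hunting;
    bool work_pending; /* stands in for the queued delayed work */
};

/* Stand-in for mon_fault()/finish_hunting(): requeues unless the session is closed. */
static void requeue_event_model(struct monc_model *m)
{
    if (m->cur_mon < 0)
        return;
    m->hunting = true;
    m->work_pending = true;
}

/* Timer body: bails if cur_mon is cleared, otherwise re-arms. Returns true if re-armed. */
bool delayed_work_model(struct monc_model *m)
{
    m->work_pending = (m->cur_mon >= 0);
    return m->work_pending;
}

static void close_session_model(struct monc_model *m) { m->cur_mon = -1; m->hunting = false; }
static void cancel_work_model(struct monc_model *m) { m->work_pending = false; }

/* Run the two stop steps with one event injected at `slot` (0 before, 1 between, 2 after).
 * Returns true if work is still queued at the end, i.e. it would run after the free. */
bool stop_leaves_work_queued(bool cancel_first, int slot)
{
    struct monc_model m = { .cur_mon = 0, .hunting = false, .work_pending = true };
    for (int step = 0; step < 3; step++) {
        if (step == slot) requeue_event_model(&m);
        if (step == 0) (cancel_first ? cancel_work_model : close_session_model)(&m);
        if (step == 1) (cancel_first ? close_session_model : cancel_work_model)(&m);
    }
    return m.work_pending;
}

/* Number of injection points at which the given ordering leaves work queued. */
int count_racy_slots(bool cancel_first)
{
    int n = 0;
    for (int slot = 0; slot < 3; slot++)
        n += stop_leaves_work_queued(cancel_first, slot);
    return n;
}

int main(void)
{
    printf("cancel then close: %d racy slot(s)\n", count_racy_slots(true));
    printf("close then cancel: %d racy slot(s)\n", count_racy_slots(false));
    return 0;
}
```

In the model, cancelling first leaves one window (an event between the cancel and the close) where work stays queued; closing and clearing state first leaves none.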

Vulnerable products and versions

CPE                                           From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*                    4.19.318 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  4.20 (including)  5.4.280 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  5.5 (including)   5.10.222 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  5.11 (including)  5.15.163 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  5.16 (including)  6.1.100 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  6.2 (including)   6.6.41 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  6.7 (including)   6.9.10 (excluding)