Bug 2136909 (CVE-2022-3650)
Summary: | CVE-2022-3650 Ceph: ceph-crash.service allows local ceph user to root exploit | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sage McTaggart <amctagga> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | aoconnor, bniver, danmick, david, eglynn, fedora, flucifre, gfidente, gmeno, go-sig, i, jdurgin, jjoyce, josef, kkeithle, lhh, loic, mbenjamin, mburns, mgarciac, mhackett, mhicks, muagarwa, ocs-bugs, ramkrsna, security-response-team, sostapov, spower, steve, vereddy |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. This issue can lead to loss of confidentiality, integrity, and availability. |
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2023-02-28 14:14:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2136911, 2136912, 2136913, 2136917, 2136918, 2136919, 2136920, 2136921, 2137598, 2137599, 2137601, 2137602, 2137603, 2137604, 2137605, 2137606, 2137607, 2137608, 2137609, 2138694 | ||
Bug Blocks: | 2129142, 2136908, 2160786 |
Description
Sage McTaggart
2022-10-21 20:27:30 UTC
Created ceph tracking bugs for this issue:

Affects: fedora-35 [bug 2137598]
Affects: fedora-36 [bug 2137599]

*** Bug 2129447 has been marked as a duplicate of this bug. ***

This issue has been addressed in the following products:

Red Hat Ceph Storage 5.3

Via RHSA-2023:0980 https://access.redhat.com/errata/RHSA-2023:0980

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3650