Bug 2374412 (CVE-2025-52555)
| Summary: | CVE-2025-52555 ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | amctagga, aoconnor, bniver, flucifre, gmeno, martin.hecht, mbenjamin, mhackett, security-response-team, sostapov, vereddy |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A vulnerability in Ceph was discovered whereby an unprivileged user could change the permissions of a directory owned by the root user, gaining access to the targeted directory. The non-privileged user can escalate privileges to root in a CephFS mounted with ceph-fuse by applying chmod 777 (read, write, and execute for all users) to any directory owned by root. This allows the user to read, write, and execute to that directory even if they were not the original owner. The vulnerability could potentially allow a user to gain unauthorized access or modify critical system data.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2374416, 2374417, 2375687, 2375688, 2374414, 2374415 | ||
| Bug Blocks: | |||
| Deadline: | 2025-06-26 | ||
|
Description
OSIDB Bzimport
2025-06-23 21:33:47 UTC
Question: Is this limited to the fuse-client, or are mounts via systemd unit affected, too? |