An unexpected disconnect during processing of some ops with Beast front-end configured (the default in rhcs-4.0) can lead to permanent leak of a socket connection by radosgw.
Mitigation: If Beast front end is in use, switch to CivetWeb to mitigate the issue. The following is an example of the /etc/ceph/ceph.conf file: <snip> ... [client.rgw.node1] rgw frontends = civetweb ... </snip>
Acknowledgments: Name: Or Friedman (Red Hat)
Pull Request: https://github.com/ceph/ceph/pull/33017 Patch: https://github.com/ceph/ceph/commit/ff72c50a2c43c57aead933eb4903ad1ca6d1748a
Created ceph tracking bugs for this issue: Affects: fedora-all [bug 1796995]
Removing affected from Openstack platform as versions shipped by ceph repositories are not affected.
Statement: * Red Hat Ceph Storage 3 is not affected by this flaw, as beast is unsupported in the product. * Red Hat Ceph Storage 4 is not affected by this flaw, as it is shipping patched version of ceph. * Red Hat Openshift Container Storage 4.2 is affected by this flaw, as it is using the affected version of ceph. * Red Hat OpenStack Platform 13 included some Ceph components at release for in order to support ppc64le. The version provided in the OpenStack repositories is outdated and customers are expected to be using versions provided in Ceph repositories now. Red Hat OpenStack Platform 13 operators should verify they are using Ceph repositories which are up to date and unaffected by this vulnerability. * Red Hat Enterprise Linux 7 is not affected by this flaw, as it ships an old version of the code which does not include the vulnerable code. * Red Hat Enterprise Linux 8 is not affected by this flaw, as only libcephfs-devel component is shipped and it does include the vulnerable code.