Ilya Dryomov

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a race condition between `delayed work()` and `ceph monc stop()` in the Linux kernel, specifically in the `libceph` module. This race condition can lead to a use-after-free scenario, particularly affecting `monc->auth` and `monc->monmap`. The problem arises because ` close session()` does not interfere with the delayed work to avoid disrupting the hunting interval logic, but this omission allows `mon fault()` and possibly `finish hunting()` to requeue the delayed work after `cancel delayed work sync()` has run, leading to potential use-after-free issues. **Recommendations** - Clear `monc->cur mon` and `monc->hunting` as part of closing the session in `ceph monc stop()`. - Bail from `delayed work()` if `monc->cur mon` is cleared, similar to how it's done in `mon fault()` and `finish hunting()` (based on `monc->hunting`). - Call `cancel delayed work sync()` after the session is closed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ceph versions prior to 15.2.6 Ceph versions prior to 14.2.14 **Description** A flaw was found in the Cephx authentication protocol, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. **Recommendations** For versions prior to 15.2.6, update to version 15.2.6 or later. For versions prior to 14.2.14, update to version 14.2.14 or later. As a temporary workaround, consider restricting access to the Ceph cluster network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.8.9 **Description** The issue is related to incomplete permission checking for access to rbd devices in the Linux kernel, which could be exploited by local attackers to map or unmap rbd block devices, potentially allowing privilege escalation. **Recommendations** For Linux kernel versions through 5.8.9, update to a version that includes the necessary permission checks for rbd devices to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.3.3 **Description** The issue allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field in the ext4 journal stop function. **Recommendations** For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue.