PT-2022-7529 · Glusterfs+5 · Glusterfs+5

Lvtao-Sec

Published

2022-08-22

Updated

2025-03-14

CVE-2022-48340

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GlusterFS version 11.0

Description The issue is related to a use-after-free error in the dht setxattr mds cbk function of the xlators/cluster/dht/src/dht-common.c component in the GlusterFS file system. This allows a remote attacker to cause a denial of service.

Recommendations For GlusterFS version 11.0, consider disabling the dht setxattr mds cbk function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2024-1769

BDU:2024-06985

CVE-2022-48340

OESA-2024-1265

OESA-2024-1266

OESA-2024-1267

OESA-2024-1268

OESA-2024-1269

USN-6507-1

Affected Products

Alt Linux

Astra Linux

Debian

Glusterfs

Linuxmint

Ubuntu

PT-2022-7529 · Glusterfs+5 · Glusterfs+5

CVE-2022-48340

Weakness Enumeration

Related Identifiers

Affected Products

References · 31