CVE-2023-52636

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability has been resolved in the Linux kernel related to the libceph component. The issue occurs when a short read happens while reading the message footer from the socket. Later, when the socket is ready for another read, the messenger invokes all read partial *() handlers, including read partial sparse msg data(). However, read partial sparse msg data() violates the expectation and ends up calling into the state machine in the OSD client. The sparse-read state machine assumes it's a new operation and interprets some piece of the footer as the sparse-read header, returning bogus extents/data length. To determine whether read partial sparse msg data() should bail, the cursor->total resid is reused.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.