Описание
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
An flaw was found in net/ceph/messenger_v2.c in the Linux Kernel. An integer signing error leads to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This issue occurs due to an untrusted length taken from a TCP packet in ceph_decode_32.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2023:5244 | 19.09.2023 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | kernel | Fixed | RHSA-2023:4962 | 05.09.2023 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | kernel | Fixed | RHSA-2023:4962 | 05.09.2023 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | kernel | Fixed | RHSA-2023:4962 | 05.09.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | kernel | Fixed | RHSA-2023:4789 | 29.08.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel ...
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
Уязвимость драйвера системы хранения данных Ceph (net/ceph/messenger_v2.c) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
EPSS
8.8 High
CVSS3