In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ]
Lack of explicit verification of the payload_len value before its use in the handle_auth_done() function can result in access to memory outside the allocated buffer (CWE-125: Out-of-bounds Read). A remote attacker, without authentication and without user interaction, can craft an authorization response containing an invalid payload length value. The patch introduces explicit boundary checking of the payload_len variable before passing it for further processing.
An attacker can cause disclosure of sensitive data from kernel memory, and depending on the context, also cause system integrity violations or unavailability (according to CVSS vector: C:H/I:H/A:H).
Patches available from the vendor should be applied according to the references — fixes have been published in the Linux kernel stable repository at the addresses indicated in the references section (including commits: 194cfe2af4d2, 2802ef3380fa, 2d653bb63d59, 79fe3511db41, 818156caffbf).
Linux kernel — versions indicated in vendor references (patches available in commits in the stable repository git.kernel.org)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLinux Kernel
OSLinux6.195.11 – 5.15.198 (bez)5.16 – 6.1.161 (bez)6.2 – 6.6.121 (bez)6.7 – 6.12.66 (bez)6.13 – 6.18.6 (bez)
Related vulnerabilities
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a...