Description: A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non-random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 | Impact: 2.5
Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
Affected Packages (7 packages):
Debian ceph < 14.2.21-1+deb11u1 (+3)
Ubuntu ceph < 12.2.13-0ubuntu0.18.04.11 (+2)
Also affects: Fedora 35, 37
Vulnerability Details (4):
OSV: ceph vulnerabilities (2023-05-09)
GHSA: GHSA-23g5-cwwr-8xhw: A key length flaw was found in Red Hat Ceph Storage (2022-08-26)
OSV: CVE-2021-3979: A key length flaw was found in Red Hat Ceph Storage (2022-08-25)
CVEList: CVE-2021-3979: A key length flaw was found in Red Hat Ceph Storage (2022-08-25)
Vendor Advisories (3):
Ubuntu: Ceph vulnerabilities (2023-05-09)
Red Hat: ceph: Ceph volume does not honour osd_dmcrypt_key_size (2022-01-11)
Debian: CVE-2021-3979: ceph - A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the... (2021)