CVE-2022-3650
published 2023-01-17CVE-2022-3650: A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ceph | < ceph 16.2.10+ds-4 (bookworm) | ceph 16.2.10+ds-4 (bookworm) |
| msrc | azl3_ceph_16.2.10-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_ceph_18.2.1-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_ceph_16.2.10-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| redhat | ceph | — | — |
| redhat | ceph | — | — |
| redhat | ceph | >= 0 < 14.2.21-1+deb11u1 | 14.2.21-1+deb11u1 |
| redhat | ceph | >= 0 < 16.2.10+ds-4 | 16.2.10+ds-4 |
| redhat | ceph | >= 0 < 16.2.10+ds-4 | 16.2.10+ds-4 |
| redhat | ceph | >= 0 < 16.2.10+ds-4 | 16.2.10+ds-4 |
| redhat | ceph_storage | >= 0 < 12.2.13-0ubuntu0.18.04.11 | 12.2.13-0ubuntu0.18.04.11 |
| redhat | ceph_storage | >= 0 < 15.2.17-0ubuntu0.20.04.3 | 15.2.17-0ubuntu0.20.04.3 |
| redhat | ceph_storage | >= 0 < 17.2.5-0ubuntu0.22.04.3 | 17.2.5-0ubuntu0.22.04.3 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH