CVE-2023-44466
Published: 2023-09-29
Priority: P271, high, 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 54.58% (98.9th percentile)
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 6.1.52-1 (bookworm) | linux 6.1.52-1 (bookworm) |
| linux | linux_kernel | >= 0 < 6.1.52-1 | 6.1.52-1 |
| linux | linux_kernel | >= 0 < 6.4.11-1 | 6.4.11-1 |
| linux | linux_kernel | >= 0 < 6.4.11-1 | 6.4.11-1 |
| linux | linux_kernel | >= 0 < 5.15.0-86.96 | 5.15.0-86.96 |
| linux | linux_kernel | >= 5.11 < 5.15.121 | 5.15.121 |
| linux | linux_kernel | >= 5.16 < 6.1.40 | 6.1.40 |
| linux | linux_kernel | >= 6.2 < 6.4.5 | 6.4.5 |
| msrc | cbl2_kernel_5.15.135.1-2_on_cbl_mariner_2.0 | — | — |
| paloalto | pan-os | — | — |
| ubuntu | linux-intel-iotg-5.15 | — | — |
Detection & IOCs (extracted from sources)
- Exploit vector is a crafted TCP packet carrying a HELLO or AUTH frame with an untrusted length field parsed by ceph_decode_32 in net/ceph/messenger_v2.c, triggering an integer signedness error and buffer overflow leading to RCE.
- Vulnerable code path is net/ceph/messenger_v2.c in the Linux kernel; monitor traffic on Ceph messenger v2 protocol (default TCP port 3300) for malformed HELLO or AUTH frames with anomalous length values.
- Patch commit a282a2f10539dce2aa619e71e1817570d557fc97 in the Linux kernel tree can be used to diff and build detection logic around the vulnerable length-handling code in messenger_v2.c.
- Security advisory GHSA-jg27-jx6w-xwph (Google Security Research) contains additional technical details that may aid in building signatures for this vulnerability.
- Only Linux kernels before 6.4.5 are vulnerable; kernels >= 6.4.5 (or >= 6.5 upstream) contain the fix. Red Hat Enterprise Linux 6 and 7 are confirmed NOT affected.
- Only systems using the Ceph messenger v2 protocol (messenger_v2.c) are affected; systems not running Ceph kernel client or not using msgr2 are not exposed to this attack surface.
- Red Hat Enterprise Linux 8 and 9 (including kernel-rt variants) are affected; RHEL 6 and 7 kernel packages are confirmed not affected.
- Debian bookworm fix is in kernel 6.1.52-1; forky/sid/trixie fix is in 6.4.11-1. Systems on older Debian kernel packages remain vulnerable.
CVSS provenance
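| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_msrc | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |
| vendor_ubuntu | — | 7.0 | HIGH | — |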
OSV
linux-starfive-6.2 vulnerabilities
osv·2023-11-28·CVSS 9.8
CVE-2023-25775 [CRITICAL] linux-starfive-6.2 vulnerabilities
Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem
discovered that the InfiniBand RDMA driver in the Linux kernel did not
properly check for zero-length STAG or MR registration. A remote attacker
could possibly use this to execute arbitrary code. (CVE-2023-25775)
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)
Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (syste
OSV
linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive vulnerabilities
osv·2023-10-31·CVSS 4.7
[MEDIUM] linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive vulnerabilities
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)
Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a null pointer dereference vulnerability in some
situations. A local privileged attacker could use this to cause a denial of
service (system crash). (CVE-2023-3772)
Chih-Yen Chang discovered that t
OSV
linux-nvidia-6.2 vulnerabilities
osv·2023-10-31·CVSS 7.0
CVE-2022-45886 [HIGH] linux-nvidia-6.2 vulnerabilities
Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel
contained a race condition during device removal, leading to a use-after-
free vulnerability. A physically proximate attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-45886, CVE-2022-45919)
Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the
Linux kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2022-45887)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate MFT flags in certain situations. An
attacker could use this to construct a malicious NTFS im
OSV
linux-intel-iotg-5.15 vulnerabilities
osv·2023-10-24·CVSS 5.7
CVE-2023-1206 [MEDIUM] linux-intel-iotg-5.15 vulnerabilities
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A remote attacker could
use this to cause a denial of service (system
OSV
linux-raspi vulnerabilities
osv·2023-10-19·CVSS 5.7
CVE-2023-1206 [MEDIUM] linux-raspi vulnerabilities
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A remote attacker could
use this to cause a denial of service (system crash). (
OSV
linux-intel-iotg vulnerabilities
osv·2023-10-19·CVSS 5.7
CVE-2023-1206 [MEDIUM] linux-intel-iotg vulnerabilities
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A remote attacker could
use this to cause a denial of service (system cras
OSV
linux-hwe-5.15, linux-oracle-5.15 vulnerabilities
osv·2023-10-06·CVSS 5.7
CVE-2023-1206 [MEDIUM] linux-hwe-5.15, linux-oracle-5.15 vulnerabilities
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A remote attacker could
use this to cause a denial of ser
OSV
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle vulnerabilities
osv·2023-10-04·CVSS 5.7
[MEDIUM] linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle vulnerabilities
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expos
OSV
CVE-2023-44466: An issue was discovered in net/ceph/messenger_v2
osv·2023-09-29·CVSS 8.8
CVE-2023-44466 [HIGH] CVE-2023-44466: An issue was discovered in net/ceph/messenger_v2
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
GHSA
GHSA-7wwm-57j8-wx2j: An issue was discovered in net/ceph/messenger_v2
ghsa_unreviewed·2023-09-29
CVE-2023-44466 [HIGH] CWE-120 GHSA-7wwm-57j8-wx2j: An issue was discovered in net/ceph/messenger_v2
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
Palo Alto
PAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2025-02-12·CVSS 7.1
CVE-2015-5312 [HIGH] PAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2015-5312, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4738, CVE-2018-1111, CVE-2018-14634, CVE-2018-18653, CVE-2019-0145, CVE-2019-8331, CVE-2020-0599, CVE-2020-14343, CVE-2020-14779, CVE-2020-27844, CVE-2020-29569, CVE-2021-21315, CVE-2021-27853, CVE-2021-27854, CVE-2021-27861, CVE-2021-27862, CVE-2021-3618, CVE-2021-3711, CVE-2022-2097, CVE-2022-22816, CVE-2022-40303, CVE-2022-41723, CVE-2022-41741, CVE-2022-41742, CVE-2023-3247, CVE-2023-38408, CVE-2023-44466, CVE-2023-50781, CVE-2023-50782, CVE-2024-12084, CV
Ubuntu
Linux kernel (StarFive) vulnerabilities
vendor_ubuntu·2023-11-28·CVSS 5.6
CVE-2023-38432 [MEDIUM] Linux kernel (StarFive) vulnerabilities
Title: Linux kernel (StarFive) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem
discovered that the InfiniBand RDMA driver in the Linux kernel did not
properly check for zero-length STAG or MR registration. A remote attacker
could possibly use this to execute arbitrary code. (CVE-2023-25775)
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)
Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-10-31·CVSS 4.7
CVE-2023-3772 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)
Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a null pointer dereference vulnerability in some
situations. A local privileged attacker could use this to cause a denial of
service (system crash). (CVE-2023-3772)
Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate SMB request protocol IDs, leading to an out-of-bounds read vulnera
Ubuntu
Linux kernel (NVIDIA) vulnerabilities
vendor_ubuntu·2023-10-31·CVSS 7.0
CVE-2023-3772 [HIGH] Linux kernel (NVIDIA) vulnerabilities
Title: Linux kernel (NVIDIA) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel
contained a race condition during device removal, leading to a use-after-
free vulnerability. A physically proximate attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-45886, CVE-2022-45919)
Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the
Linux kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2022-45887)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate MFT flags in c
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities
vendor_ubuntu·2023-10-24·CVSS 5.7
CVE-2023-38432 [MEDIUM] Linux kernel (Intel IoTG) vulnerabilities
Title: Linux kernel (Intel IoTG) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplie
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2023-10-19·CVSS 5.7
CVE-2023-4273 [MEDIUM] Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-suppl
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities
vendor_ubuntu·2023-10-19·CVSS 5.7
CVE-2023-38432 [MEDIUM] Linux kernel (Intel IoTG) vulnerabilities
Title: Linux kernel (Intel IoTG) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplie
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-10-06·CVSS 5.7
CVE-2023-4273 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A rem
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-10-04·CVSS 5.7
CVE-2023-4273 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A rem
Red Hat
kernel: buffer overflow in ceph file net/ceph/messenger_v2.c
vendor_redhat·2023-09-29·CVSS 8.8
CVE-2023-44466 [HIGH] CWE-119 kernel: buffer overflow in ceph file net/ceph/messenger_v2.c
kernel: buffer overflow in ceph file net/ceph/messenger_v2.c
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
A flaw was found in net/ceph/messenger_v2.c in the Linux Kernel. An integer signing error leads to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This issue occurs due to an untrusted length taken from a TCP packet in ceph_decode_32.
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux
Microsoft
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error leading to a buffer overflow and remote code execution via HELLO or one of the
vendor_msrc·2023-09-12·CVSS 8.8
CVE-2023-44466 [HIGH] CWE-120 An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error leading to a buffer overflow and remote code execution via HELLO or one of the
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this
Debian
CVE-2023-44466: linux - An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6....
vendor_debian·2023·CVSS 8.8
CVE-2023-44466 [HIGH] CVE-2023-44466: linux - An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6....
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
Scope: local
bookworm: resolved (fixed in 6.1.52-1)
bullseye: resolved
forky: resolved (fixed in 6.4.11-1)
sid: resolved (fixed in 6.4.11-1)
trixie: resolved (fixed in 6.4.11-1)
No detection rules found.
No public exploits indexed.
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a282a2f10539dce2aa619e71e1817570d557fc97
- https://github.com/google/security-research/security/advisories/GHSA-jg27-jx6w-xwph
- https://github.com/torvalds/linux/commit/a282a2f10539dce2aa619e71e1817570d557fc97
- https://security.netapp.com/advisory/ntap-20231116-0003/
- https://www.spinics.net/lists/ceph-devel/msg57909.html