Linux Kernel libceph Untrusted Index Bounds Check Vulnerability

A vulnerability in the Linux kernel's libceph component involves improper handling of Object Storage Device (OSD) indexes, which are received from untrusted network packets. This issue has been addressed by replacing the original BUG_ON macro, which could lead to kernel crashes, with proper boundary checks to validate these indexes against the maximum allowed value. The vulnerability could potentially be exploited by manipulating network packets to include invalid OSD index values, leading to out-of-bounds access or other unintended behavior.

Impact

Exploitation of this vulnerability could have led to out-of-bounds access, potentially causing memory corruption or other undefined behavior in the kernel.

Reproduction

The vulnerability could be reproduced by sending network packets that include OSD index values exceeding the valid range, prior to the application of the patch that introduced the bounds checks. This would trigger the original BUG_ON condition, causing a kernel panic.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux Kernel Archive.