Linux Kernel Ceph Module Denial-of-Service Vulnerability in Encrypted Directories

Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's Ceph messaging protocol version 2, specifically when handling fscrypt-encrypted directories. The issue arises in secure mode, leading to a crash during the processing of sparse reads. The vulnerability can be reproduced by mounting a Ceph filesystem with encryption, locking and unlocking a directory, and then attempting to read a file, which triggers the crash.

Impact

Exploitation of this vulnerability causes a general protection fault, leading to a crash of the kernel thread handling the Ceph connection.

Reproduction

The vulnerability can be reproduced by following these steps:

1. Mount the Ceph filesystem with the command 'sudo mount -t ceph :/ /mnt/cephfs/ -o name=admin,fs=cephfs,ms_mode=secure'.
2. Create a new directory for testing encrypted files.
3. Copy a file into the newly created directory.
4. Encrypt the directory using a specified key.
5. Lock the encrypted directory.
6. Unlock the directory using the same key.
7. Attempt to read the copied file from the directory.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed.
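
To decide which hosts to update first, the following added example (not part of the original advisory) lists CephFS mounts that use the ms_mode=secure option shown in the reproduction steps. It assumes the option appears in the mount table as it was passed to mount; the sample table and the function names are constructed for illustration, and the script does not check whether any directory is fscrypt-encrypted.

```shell
#!/bin/sh
# Added example: report CephFS mounts that use the messenger mode named in
# the advisory. Input is a mount table in /proc/mounts format on stdin:
#   <device> <mountpoint> <fstype> <options> <dump> <pass>

# Prints "<mountpoint> <ms_mode>" for every ceph mount in secure mode.
# prefer-secure is reported too, since that setting can negotiate secure mode.
ceph_secure_mounts() {
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = "ceph" ] || continue
        # Wrap the option string in commas so each option matches as a whole.
        case ",$opts," in
            *,ms_mode=secure,*)        mode=secure ;;
            *,ms_mode=prefer-secure,*) mode=prefer-secure ;;
            *)                         continue ;;
        esac
        printf '%s %s\n' "$mnt" "$mode"
    done
    return 0
}

# Constructed sample table (documentation addresses, hypothetical mount points).
sample_mount_table() {
    cat <<'EOF'
192.0.2.10:3300:/ /mnt/cephfs ceph rw,relatime,name=admin,secret=<hidden>,ms_mode=secure,acl 0 0
192.0.2.10:3300:/ /mnt/archive ceph rw,relatime,name=admin,secret=<hidden>,ms_mode=prefer-crc,acl 0 0
192.0.2.11:3300:/ /mnt/scratch ceph rw,relatime,name=admin,secret=<hidden>,ms_mode=prefer-secure,acl 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF
}

# Demo on the constructed sample; on a live host run:
#   ceph_secure_mounts < /proc/mounts
sample_mount_table | ceph_secure_mounts
```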

Added: Dec 16, 2025, 6:25 PM
Updated: Dec 16, 2025, 6:25 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.