Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's Ceph library can lead to out-of-bounds read errors when decoding pool information from the object storage device (OSD) map. This issue arises if the OSD map is intentionally corrupted, causing the encoded length of the pool data to be shorter than expected for the corresponding encoding version. The existing bounds check, which relies solely on the length value, is insufficient to prevent such errors. The vulnerability affects the stable versions of the Linux kernel.
Exploitation of this vulnerability can cause out-of-bounds read errors, which may lead to information disclosure or undefined behavior.
The vulnerability can be reproduced by corrupting the OSD map so that the encoded length of the Ceph pool data is less than what the specific encoding version expects. The resulting mismatch between the expected and actual lengths triggers the out-of-bounds read when the pool information is decoded.
Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the updated kernel can be found on the official Linux kernel website.
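The gap between a length-only bounds check and a version-aware one, shown as an added example on a constructed toy format; this is not the kernel's Ceph code or its wire format. The layout, the per-version sizes and every name here (`pool_min_len`, `length_only_ok`, `decode_pool`) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy layout (NOT Ceph's wire format):
 *   u8 version | u32 len (little-endian) | body[len]
 * v1 body: u32 size, u32 pg_num       (8 bytes)
 * v2 body: v1 fields + u32 flags      (12 bytes) */
struct pool { uint32_t size, pg_num, flags; };

static uint32_t get_le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Minimum body length each version's fixed fields need; 0 = unknown version. */
static size_t pool_min_len(uint8_t v)
{
    return v == 1 ? 8 : v == 2 ? 12 : 0;
}

/* The insufficient check: only asks whether `len` bytes exist in the buffer. */
static int length_only_ok(const uint8_t *buf, size_t n)
{
    return n >= 5 && get_le32(buf + 1) <= n - 5;
}

/* Hardened decode: additionally require `len` to cover the version's fixed
 * fields, so every read below stays inside [body, body + len). */
static int decode_pool(const uint8_t *buf, size_t n, struct pool *out)
{
    uint32_t len; size_t min;
    if (n < 5)
        return -1;
    len = get_le32(buf + 1);
    min = pool_min_len(buf[0]);
    if (len > n - 5 || min == 0 || len < min)
        return -1;              /* truncated, unknown version, or too short */
    memset(out, 0, sizeof(*out));
    out->size = get_le32(buf + 5);
    out->pg_num = get_le32(buf + 9);
    if (buf[0] >= 2)
        out->flags = get_le32(buf + 13);
    return 0;
}

/* Constructed samples: a valid v2 record, and a v2 record claiming len = 4. */
static const uint8_t good_v2[] = {2, 12,0,0,0, 3,0,0,0, 64,0,0,0, 1,0,0,0};
static const uint8_t short_v2[] = {2, 4,0,0,0, 3,0,0,0};
```

The short record passes `length_only_ok` because its four claimed bytes are present, yet a v2 decode needs twelve; `decode_pool` rejects it before any field is read.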