Linux Kernel Out-of-Bounds Read Vulnerability in libceph Messenger V2

A vulnerability allowing potential out-of-bounds reads has been identified in the Linux kernel's libceph component, specifically within the messenger_v2 handling of authentication. This issue arises from an inadequate bounds check on the payload length, which could lead to unauthorized memory access. The vulnerability is present in the Linux kernel stable tree.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing undefined behavior such as memory corruption or information leakage.

Reproduction

The vulnerability can be reproduced by triggering the 'process_auth_done' function in the 'libceph' component, specifically within the 'messenger_v2' protocol handling. This function processes authentication data, including a payload length value. Without proper validation, an attacker could manipulate the payload length to exceed allocated boundaries, causing an out-of-bounds read.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.