Linux Kernel Libceph Sparse-Read State Reset Vulnerability in OSD Client

A vulnerability exists in the Linux kernel's handling of sparse-read operations within the Ceph OSD client. When a fault occurs, the connection is dropped and reestablished, but the sparse-read state is not properly reset. This can cause the client to misinterpret incoming data, potentially leading to a failure state that disrupts normal operations. The issue arises from the sparse-read state machine's independence from the connection's state, allowing errors to persist and create looping behaviors. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can cause the OSD client's sparse-read machinery to enter a failure state, leading to persistent socket read errors and disrupting normal data handling operations.

Reproduction

To reproduce this vulnerability, initiate a sparse-read operation in the Ceph OSD client and then force a fault that drops the connection mid-payload. The client will not reset the sparse-read state, causing it to misinterpret the next incoming reply as a continuation of the previous one. If this error is not corrected, the sparse-read process can fail indefinitely, creating a loop of socket read errors.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.