Linux Kernel Ceph Snapshot Context Handling Vulnerability in OSD Write Operations

A vulnerability has been identified in the Linux kernel's Ceph file system implementation. The issue arises in the 'ceph_zero_partial_object' function, which handles object storage daemon (OSD) write operations. This function failed to incorporate the correct snapshot context, potentially leading to data inconsistencies within snapshots. The vulnerability affects the Linux kernel stable tree.

Impact

The lack of proper snapshot context in OSD write operations can cause data inconsistencies in snapshots, leading to unreliable snapshot management and potential data loss or corruption.

Reproduction

The vulnerability can be reproduced by using the Ceph file system with a specific set of commands. First, mount a Ceph file system with the appropriate authentication caps. Then, write a file into the mounted file system and create a snapshot. After that, modify the original file and access the snapshot to observe the inconsistency, indicated by a different MD5 checksum.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.