Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's libceph component has been addressed by defining and enforcing a maximum key length. The issue arose because the previous key length validation was inadequate, allowing for potential buffer overflows. The new check ensures that key material fits within a fixed-size buffer and has a reasonable length, excluding the 'none' crypto option. This vulnerability affects the stable group of the Linux kernel.
The vulnerability could lead to buffer overflow issues by allowing keys that exceed the maximum allowed length, potentially overwriting adjacent memory and causing undefined behavior.
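The check described above, sketched as an added example that is not taken from the kernel patch: a decoder that bounds a length-prefixed key by the size of its fixed destination buffer before copying. The names (`DEMO_MAX_KEY_LEN`, `demo_decode_key`, `demo_try`), the 32-byte limit and the simplified wire layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names and a simplified little-endian layout
 * (u16 type, u16 len, key bytes); not the kernel's definitions. */
#define DEMO_MAX_KEY_LEN 32

struct demo_key {
    uint16_t type;
    uint16_t len;
    uint8_t  material[DEMO_MAX_KEY_LEN];   /* fixed-size destination */
};

/* Returns 0 on success, -1 on a truncated or oversized encoding. */
int demo_decode_key(struct demo_key *key, const uint8_t *buf, size_t buf_len)
{
    uint16_t len;

    if (buf_len < 4)
        return -1;                         /* header itself is truncated */
    len = (uint16_t)(buf[2] | (buf[3] << 8));

    /* Bound the peer-supplied length by the destination size
     * before anything is copied. */
    if (len > DEMO_MAX_KEY_LEN)
        return -1;
    /* The claimed length must also be present in the input. */
    if (len > buf_len - 4)
        return -1;

    memset(key, 0, sizeof(*key));
    key->type = (uint16_t)(buf[0] | (buf[1] << 8));
    key->len = len;
    memcpy(key->material, buf + 4, len);
    return 0;
}

/* Builds a constructed message that claims `claimed` key bytes while
 * carrying `present` bytes, and returns the decoder's verdict. */
int demo_try(uint16_t claimed, size_t present)
{
    uint8_t msg[4 + 128] = { 1, 0, (uint8_t)claimed, (uint8_t)(claimed >> 8) };
    struct demo_key key;

    if (present > 128)
        return -1;
    memset(msg + 4, 0xAA, present);
    return demo_decode_key(&key, msg, 4 + present);
}

int main(void) { return demo_try(33, 33) == -1 ? 0 : 1; }
```

Without the `DEMO_MAX_KEY_LEN` comparison, the `memcpy` length would be limited only by what the sender chose to encode, which is the overflow condition the entry describes.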
The vulnerability can be reproduced by using the Ceph messenger v2 protocol and sending an authentication key that exceeds the maximum length allowed. This can be done by modifying the key length in the authentication process to a value greater than the defined maximum, which will trigger the buffer overflow by overwriting memory beyond the allocated buffer for the key.
Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version can be found in the Linux kernel documentation.