A vulnerability has been found in Ceph which can lead to root privilege escalation.
Package | sys-cluster/ceph on all architectures |
---|---|
Affected versions | < 17.2.6 |
Unaffected versions | >= 17.2.6 |
Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability.
A vulnerability has been discovered in Ceph. Please review the CVE identifier referenced below for details.
The ceph-crash.service runs the ceph-crash Python script as root. The script operates in the directory /var/lib/ceph/crash, which is controlled by the unprivileged ceph user (ceph:ceph, mode 0750). The script periodically scans for new crash directories and forwards their content via `ceph crash post`.
There is no known workaround at this time.
All Ceph users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-cluster/ceph-17.2.6"
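A host check for the condition described above, as an added example that is not part of the advisory or of Ceph itself: it compares a version string against the fixed release and reports when a directory used by a root service is owned by another user. The function names are hypothetical, and the version parser is a simplification that ignores Gentoo revision suffixes.

```python
import os
import re
import stat

FIXED = (17, 2, 6)  # first unaffected version per this advisory


def is_affected(version: str) -> bool:
    """True if a ceph version string is below 17.2.6.

    Simplified (assumption): only the leading dotted numeric part is
    compared, so a revision suffix such as "-r1" is ignored.
    """
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = tuple(int(p) for p in m.group().split("."))
    # Pad short versions so that "17.2" compares as 17.2.0.
    parts += (0,) * (len(FIXED) - len(parts))
    return parts < FIXED


def audit_workdir(path: str, service_uid: int = 0) -> list:
    """List reasons `path` is not under the exclusive control of the
    account a service runs as (0 = root, as ceph-crash.service does)."""
    st = os.stat(path)
    findings = []
    if st.st_uid != service_uid:
        findings.append(
            f"owned by uid {st.st_uid}, not service uid {service_uid}")
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings


if __name__ == "__main__":
    crash_dir = "/var/lib/ceph/crash"  # path named in the advisory
    if os.path.isdir(crash_dir):
        for finding in audit_workdir(crash_dir):
            print(f"{crash_dir}: {finding}")
    else:
        print(f"{crash_dir}: not present on this host")
```

On a host matching the advisory's description (ceph:ceph, mode 0750), the only finding is the ownership mismatch; the upgrade above remains the fix.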
Release date
December 23, 2023
Latest revision
December 23, 2023: 1
Severity
high
Exploitable
local
Bugzilla entries