CVE - CVE-2024-42232

CVE-ID
CVE-2024-42232	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs -- __close_session() doesn't mess with the delayed work in order to avoid interfering with the hunting interval logic. This part was missed in commit b5d91704f53e ("libceph: behave in mon_fault() if cur_mon < 0") and use-after-free can still ensue on monc and objects that hang off of it, with monc->auth and monc->monmap being particularly susceptible to quickly being reused. To fix this: - clear monc->cur_mon and monc->hunting as part of closing the session in ceph_monc_stop() - bail from delayed_work() if monc->cur_mon is cleared, similar to how it's done in mon_fault() and finish_hunting() (based on monc->hunting) - call cancel_delayed_work_sync() after the session is closed
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/1177afeca833174ba83504688eec898c6214f4bf URL:https://git.kernel.org/stable/c/1177afeca833174ba83504688eec898c6214f4bf MISC:https://git.kernel.org/stable/c/20cf67dcb7db842f941eff1af6ee5e9dc41796d7 URL:https://git.kernel.org/stable/c/20cf67dcb7db842f941eff1af6ee5e9dc41796d7 MISC:https://git.kernel.org/stable/c/2d33654d40a05afd91ab24c9a73ab512a0670a9a URL:https://git.kernel.org/stable/c/2d33654d40a05afd91ab24c9a73ab512a0670a9a MISC:https://git.kernel.org/stable/c/33d38c5da17f8db2d80e811b7829d2822c10625e URL:https://git.kernel.org/stable/c/33d38c5da17f8db2d80e811b7829d2822c10625e MISC:https://git.kernel.org/stable/c/34b76d1922e41da1fa73d43b764cddd82ac9733c URL:https://git.kernel.org/stable/c/34b76d1922e41da1fa73d43b764cddd82ac9733c MISC:https://git.kernel.org/stable/c/63e5d035e3a7ab7412a008f202633c5e6a0a28ea URL:https://git.kernel.org/stable/c/63e5d035e3a7ab7412a008f202633c5e6a0a28ea MISC:https://git.kernel.org/stable/c/69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883 URL:https://git.kernel.org/stable/c/69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883 MISC:https://git.kernel.org/stable/c/9525af1f58f67df387768770fcf6d6a8f23aee3d URL:https://git.kernel.org/stable/c/9525af1f58f67df387768770fcf6d6a8f23aee3d
Assigning CNA
kernel.org
Date Record Created
20240730	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240730)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)