SB2022081731 - SUSE update for ceph
Published: August 17, 2022
Security Bulletin ID
SB2022081731
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Physical access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2021-3979)
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to Ceph volume does not the honour osd_dmcrypt_key_size, resulting in the key length is being incorrectly passed in an encryption algorithm to create a non random key. An attacker with physical access to encrypted device can decrypt data and gain access to sensitive information.
Remediation
Install update from vendor's website.