openEuler 22.03 LTS SP3 update for ceph

1) Resource exhaustion

EUVDB-ID: #VU85833

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-46159

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a user in adjacent network to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A user in adjacent network can trigger resource exhaustion and perform a denial of service (DoS) attack from RGW.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

cephfs-top: before 16.2.7-21

cephadm: before 16.2.7-21

ceph-prometheus-alerts: before 16.2.7-21

ceph-mgr-rook: before 16.2.7-21

ceph-mgr-modules-core: before 16.2.7-21

ceph-mgr-k8sevents: before 16.2.7-21

ceph-mgr-diskprediction-local: before 16.2.7-21

ceph-mgr-dashboard: before 16.2.7-21

ceph-mgr-cephadm: before 16.2.7-21

ceph-grafana-dashboards: before 16.2.7-21

rbd-nbd: before 16.2.7-21

rbd-mirror: before 16.2.7-21

rbd-fuse: before 16.2.7-21

rados-objclass-devel: before 16.2.7-21

python3-rgw: before 16.2.7-21

python3-rbd: before 16.2.7-21

python3-rados: before 16.2.7-21

python3-cephfs: before 16.2.7-21

python3-ceph-common: before 16.2.7-21

python3-ceph-argparse: before 16.2.7-21

librgw2: before 16.2.7-21

librgw-devel: before 16.2.7-21

librbd1: before 16.2.7-21

librbd-devel: before 16.2.7-21

libradosstriper1: before 16.2.7-21

libradosstriper-devel: before 16.2.7-21

libradospp-devel: before 16.2.7-21

librados2: before 16.2.7-21

librados-devel: before 16.2.7-21

libcephsqlite-devel: before 16.2.7-21

libcephsqlite: before 16.2.7-21

libcephfs2: before 16.2.7-21

libcephfs-devel: before 16.2.7-21

cephfs-mirror: before 16.2.7-21

ceph-test: before 16.2.7-21

ceph-selinux: before 16.2.7-21

ceph-resource-agents: before 16.2.7-21

ceph-radosgw: before 16.2.7-21

ceph-osd: before 16.2.7-21

ceph-mon: before 16.2.7-21

ceph-mgr: before 16.2.7-21

ceph-mds: before 16.2.7-21

ceph-immutable-object-cache: before 16.2.7-21

ceph-fuse: before 16.2.7-21

ceph-debugsource: before 16.2.7-21

ceph-debuginfo: before 16.2.7-21

ceph-common: before 16.2.7-21

ceph-base: before 16.2.7-21

ceph: before 16.2.7-21

CPE2.3

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
• cpe:2.3:a:openeuler:cephfs-top:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:cephadm:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-prometheus-alerts:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-mgr-rook:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-mgr-modules-core:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-mgr-k8sevents:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-mgr-diskprediction-local:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-mgr-dashboard:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-mgr-cephadm:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-grafana-dashboards:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:rbd-nbd:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:rbd-mirror:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:rbd-fuse:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:rados-objclass-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-rgw:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-rbd:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-rados:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-cephfs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-ceph-common:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-ceph-argparse:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:librgw2:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:librgw-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:librbd1:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:librbd-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libradosstriper1:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libradosstriper-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libradospp-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:librados2:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:librados-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libcephsqlite-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libcephsqlite:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libcephfs2:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libcephfs-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:cephfs-mirror:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-selinux:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-resource-agents:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-radosgw:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-osd:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-mon:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-mgr:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-mds:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-immutable-object-cache:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-fuse:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-common:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph-base:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ceph:*:*:*:*:*:openeuler:*:*

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2406

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.