CVE-2024-56564

Summary

In the Linux kernel, the following vulnerability has been resolved:

ceph: pass cred pointer to ceph_mds_auth_match()

This eliminates a redundant get_current_cred() call, because ceph_mds_check_access() has already obtained this pointer.

As a side effect, this also fixes a reference leak in ceph_mds_auth_match(): by omitting the get_current_cred() call, no additional cred reference is taken.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux596afb0b8933ba6ed7227adcc538db26feb25c74 < ffa6ba7bdb7f07f49c9e9150b0176df066520f62affected
LinuxLinux596afb0b8933ba6ed7227adcc538db26feb25c74 < 23426309a4064b25a961e1c72961d8bfc7c8c990affected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.12.4 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

References