CVE-2023-52732
MediumIn the Linux kernel, the following vulnerability has been resolved: ceph: blocklist the kclient when receiving corrupted snap trace When received corrupted snap trace we don't know what exactly has happened in MDS side. And we shouldn't continue IOs and metadatas access to MDS, which may corrupt or get incorrect contents. This patch will just block all the further IO/MDS requests immediately and then evict the kclient itself. The reason why we still need to evict the kclient just after blocking all the further IOs is that the MDS could revoke the caps faster.
CVSS 3.1 score
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
The following references provide additional information about CVE-2023-52732 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
PatchKernel patch commithttps://git.kernel.org/stable/c/66ec619e4591f8350f99c5269a7ce160cccc7a7c
-
PatchKernel patch commithttps://git.kernel.org/stable/c/a68e564adcaa69b0930809fb64d9d5f7d9c32ba9
Frequently asked questions
-
What is CVE-2023-52732?
CVE-2023-52732 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2023-52732 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2023-52732?
CVE-2023-52732 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. -
Is there a patch available for CVE-2023-52732?
No patch is currently available for CVE-2023-52732. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2023-52732 actively exploited?
No — CVE-2023-52732 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.