Main Vulnerability Database SB2022102203

SB2022102203 - Fedora 37 update for ceph

Published: October 22, 2022

Security Bulletin ID SB2022102203

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2021-3979)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to Ceph volume does not the honour osd_dmcrypt_key_size, resulting in the key length is being incorrectly passed in an encryption algorithm to create a non random key. An attacker with physical access to encrypted device can decrypt data and gain access to sensitive information.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2022-d832fd2f45