CVE-2022-3650
Summary
| CVE | CVE-2022-3650 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-17 19:15:00 UTC |
| Updated | 2023-12-23 10:15:00 UTC |
| Description | A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 36 Update: ceph-16.2.12-1.fc36 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| oss-sec: ceph: ceph-crash.service allows local ceph user to root exploit (CVE-2022-3650) | MISC | seclists.org | |
| Ceph: Root Privilege Escalation (GLSA 202312-10) — Gentoo security | security.gentoo.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 183627 Debian Security Update for ceph (CVE-2022-3650)
- 199326 Ubuntu Security Notification for Ceph Vulnerabilities (USN-6063-1)
- 199662 Ubuntu Security Notification for Ceph Vulnerability (USN-6292-1)
- 241216 Red Hat Update for red hat ceph storage 5.3 bug fix and (RHSA-2023:0980)
- 283935 Fedora Security Update for ceph (FEDORA-2023-d6b219d19a)
- 710814 Gentoo Linux Ceph Root Privilege Escalation Vulnerability (GLSA 202312-10)
- 753847 SUSE Enterprise Linux Security Update for ceph (SUSE-SU-2023:1580-1)