In the Linux kernel, the following vulnerability has been resolved:
libceph: just wait for more data to be available on the socket
A short read may occur while reading the message footer from the socket. Later, when the socket is ready for another read, the messenger invokes all read_partial_*() handlers, including read_partial_sparse_msg_data(). The expectation is that read_partial_sparse_msg_data() would bail, allowing the messenger to invoke read_partial() for the footer and pick up where it left off.
However, read_partial_sparse_msg_data() violates that expectation and ends up calling into the state machine in the OSD client. The sparse-read state machine assumes that it's a new op, interprets some piece of the footer as the sparse-read header, and returns bogus extents/data length, etc.
To determine whether read_partial_sparse_msg_data() should bail, let's reuse cursor->total_resid. Once it reaches zero, all the extents and data have been successfully received in the last read; otherwise, it could break out while partially reading any of the extents and data, and then osd_sparse_read() could continue where it left off.
[ idryomov: changelog ]
[
{
"id": "CVE-2023-52636-095ed8c3",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "221566140851562408857420956317246191799",
"length": 136.0
},
"target": {
"function": "prepare_message_data",
"file": "net/ceph/messenger_v1.c"
}
},
{
"id": "CVE-2023-52636-144f7391",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8e46a2d068c92a905d01cbb018b00d66991585ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "34484230764052375179680682311757190336",
"length": 1381.0
},
"target": {
"function": "decrypt_tail",
"file": "net/ceph/messenger_v2.c"
}
},
{
"id": "CVE-2023-52636-168cac32",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da9c33a70f095d5d55c36d0bfeba969e31de08ae",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "272134129438779642373995453601166007956",
"length": 1668.0
},
"target": {
"function": "get_reply",
"file": "net/ceph/osd_client.c"
}
},
{
"id": "CVE-2023-52636-1e93f15e",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8e46a2d068c92a905d01cbb018b00d66991585ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"16284004415384343960171796824740224213",
"69465238405429041714445904265223170265",
"157953663930337556258673241785718363107",
"155853124382072944983744583101969105607",
"16526971868748809780099850886933583604",
"200930638598568388371664771794398844835",
"149217325211072536023314339354566211669",
"280571189555108865352870142674575551915"
]
},
"target": {
"file": "net/ceph/messenger_v2.c"
}
},
{
"id": "CVE-2023-52636-20153a8d",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "272134129438779642373995453601166007956",
"length": 1668.0
},
"target": {
"function": "get_reply",
"file": "net/ceph/osd_client.c"
}
},
{
"id": "CVE-2023-52636-397bd473",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8e46a2d068c92a905d01cbb018b00d66991585ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "59371873060516406342374248912456352269",
"length": 809.0
},
"target": {
"function": "read_partial_sparse_msg_data",
"file": "net/ceph/messenger_v1.c"
}
},
{
"id": "CVE-2023-52636-482f4c67",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da9c33a70f095d5d55c36d0bfeba969e31de08ae",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"236035960571822624133520396151925091876",
"63644294329575821204635274926608591203",
"258506082650833090393006447933344270263",
"335720300096655109146822467658648805521",
"48917479496417379922588183005522601888",
"139776462922301399855720019423334057250",
"58142365749398252664810338521423023596",
"270436377280998752709266227416048691550",
"147397224364451448355861148593059222110",
"11959306762824274116969258652515953849",
"290299706898673515036149024127617997512"
]
},
"target": {
"file": "net/ceph/osd_client.c"
}
},
{
"id": "CVE-2023-52636-55b985a9",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8e46a2d068c92a905d01cbb018b00d66991585ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"236035960571822624133520396151925091876",
"63644294329575821204635274926608591203",
"258506082650833090393006447933344270263",
"335720300096655109146822467658648805521",
"48917479496417379922588183005522601888",
"139776462922301399855720019423334057250",
"58142365749398252664810338521423023596",
"270436377280998752709266227416048691550",
"147397224364451448355861148593059222110",
"11959306762824274116969258652515953849",
"290299706898673515036149024127617997512"
]
},
"target": {
"file": "net/ceph/osd_client.c"
}
},
{
"id": "CVE-2023-52636-568dd5f6",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"16284004415384343960171796824740224213",
"69465238405429041714445904265223170265",
"157953663930337556258673241785718363107",
"155853124382072944983744583101969105607",
"16526971868748809780099850886933583604",
"200930638598568388371664771794398844835",
"149217325211072536023314339354566211669",
"280571189555108865352870142674575551915"
]
},
"target": {
"file": "net/ceph/messenger_v2.c"
}
},
{
"id": "CVE-2023-52636-57507917",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8e46a2d068c92a905d01cbb018b00d66991585ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "26166053723490237557800758208230397613",
"length": 4292.0
},
"target": {
"function": "read_partial_message",
"file": "net/ceph/messenger_v1.c"
}
},
{
"id": "CVE-2023-52636-58e87c26",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da9c33a70f095d5d55c36d0bfeba969e31de08ae",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "99809316940420133764660005891479589224",
"length": 1889.0
},
"target": {
"function": "prep_next_sparse_read",
"file": "net/ceph/osd_client.c"
}
},
{
"id": "CVE-2023-52636-6b22a9af",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da9c33a70f095d5d55c36d0bfeba969e31de08ae",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "34484230764052375179680682311757190336",
"length": 1381.0
},
"target": {
"function": "decrypt_tail",
"file": "net/ceph/messenger_v2.c"
}
},
{
"id": "CVE-2023-52636-726da3d0",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8e46a2d068c92a905d01cbb018b00d66991585ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "221566140851562408857420956317246191799",
"length": 136.0
},
"target": {
"function": "prepare_message_data",
"file": "net/ceph/messenger_v1.c"
}
},
{
"id": "CVE-2023-52636-7446a8ed",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "258100827111953359768349213098081884760",
"length": 829.0
},
"target": {
"function": "prepare_read_tail_plain",
"file": "net/ceph/messenger_v2.c"
}
},
{
"id": "CVE-2023-52636-74745906",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"236035960571822624133520396151925091876",
"63644294329575821204635274926608591203",
"258506082650833090393006447933344270263",
"335720300096655109146822467658648805521",
"48917479496417379922588183005522601888",
"139776462922301399855720019423334057250",
"58142365749398252664810338521423023596",
"270436377280998752709266227416048691550",
"147397224364451448355861148593059222110",
"11959306762824274116969258652515953849",
"290299706898673515036149024127617997512"
]
},
"target": {
"file": "net/ceph/osd_client.c"
}
},
{
"id": "CVE-2023-52636-7ee2870c",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"167886888476198723942690568427305930300",
"13902889826882968569463975098161448841",
"226595793533239804261330762212957851270",
"262444200150333182412949673174381194087"
]
},
"target": {
"file": "include/linux/ceph/messenger.h"
}
},
{
"id": "CVE-2023-52636-84c1eb62",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "26166053723490237557800758208230397613",
"length": 4292.0
},
"target": {
"function": "read_partial_message",
"file": "net/ceph/messenger_v1.c"
}
},
{
"id": "CVE-2023-52636-85907b97",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "59371873060516406342374248912456352269",
"length": 809.0
},
"target": {
"function": "read_partial_sparse_msg_data",
"file": "net/ceph/messenger_v1.c"
}
},
{
"id": "CVE-2023-52636-88dd63d9",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da9c33a70f095d5d55c36d0bfeba969e31de08ae",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"167886888476198723942690568427305930300",
"13902889826882968569463975098161448841",
"226595793533239804261330762212957851270",
"262444200150333182412949673174381194087"
]
},
"target": {
"file": "include/linux/ceph/messenger.h"
}
},
{
"id": "CVE-2023-52636-8befb3bd",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "99809316940420133764660005891479589224",
"length": 1889.0
},
"target": {
"function": "prep_next_sparse_read",
"file": "net/ceph/osd_client.c"
}
},
{
"id": "CVE-2023-52636-8ddcfbcb",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da9c33a70f095d5d55c36d0bfeba969e31de08ae",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"329940832847026225348744859464413670253",
"179728672916310516323932396065429566722",
"308383133003803348890979640633303224848",
"83786159958427005303078996734396011603",
"336183571321777066929333681807131329212",
"31146430332241600875432392538261564179",
"154335487121035030564519908045465159438",
"111762542496598368818927162885952256222",
"122002002730988791705762648611642767188",
"125418180029150410498557103580182779822",
"80237263927780861459426598033821477718",
"1574619659767945137179618999397927807",
"303826162868700555995815701118026630549",
"52671604819874369180164548843445360008",
"255081456791019216056508042758666128453",
"145653541533303026547052082775130278015",
"267346365717446088666233062489122382949",
"339946167568374509124570469088127373369",
"338708731054076028241007968802356627970",
"324819655019707613941259331802146367946",
"176608257867870851306069730167782962716",
"89501101249255283646382015353522449067",
"178372530883353374725362974151325652378",
"338649822726678070690387874959200122962",
"278727456723832272287197847106018283078",
"247433378520902732788810009452447275430",
"150285511710474911942097239452090145432",
"17383889462845130455873897035145934338",
"248028729243809035064416144271526290862"
]
},
"target": {
"file": "net/ceph/messenger_v1.c"
}
},
{
"id": "CVE-2023-52636-95970290",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8e46a2d068c92a905d01cbb018b00d66991585ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"329940832847026225348744859464413670253",
"179728672916310516323932396065429566722",
"308383133003803348890979640633303224848",
"83786159958427005303078996734396011603",
"336183571321777066929333681807131329212",
"31146430332241600875432392538261564179",
"154335487121035030564519908045465159438",
"111762542496598368818927162885952256222",
"122002002730988791705762648611642767188",
"125418180029150410498557103580182779822",
"80237263927780861459426598033821477718",
"1574619659767945137179618999397927807",
"303826162868700555995815701118026630549",
"52671604819874369180164548843445360008",
"255081456791019216056508042758666128453",
"145653541533303026547052082775130278015",
"267346365717446088666233062489122382949",
"339946167568374509124570469088127373369",
"338708731054076028241007968802356627970",
"324819655019707613941259331802146367946",
"176608257867870851306069730167782962716",
"89501101249255283646382015353522449067",
"178372530883353374725362974151325652378",
"338649822726678070690387874959200122962",
"278727456723832272287197847106018283078",
"247433378520902732788810009452447275430",
"150285511710474911942097239452090145432",
"17383889462845130455873897035145934338",
"248028729243809035064416144271526290862"
]
},
"target": {
"file": "net/ceph/messenger_v1.c"
}
},
{
"id": "CVE-2023-52636-990face5",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8e46a2d068c92a905d01cbb018b00d66991585ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "99809316940420133764660005891479589224",
"length": 1889.0
},
"target": {
"function": "prep_next_sparse_read",
"file": "net/ceph/osd_client.c"
}
},
{
"id": "CVE-2023-52636-a01987ac",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8e46a2d068c92a905d01cbb018b00d66991585ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"167886888476198723942690568427305930300",
"13902889826882968569463975098161448841",
"226595793533239804261330762212957851270",
"262444200150333182412949673174381194087"
]
},
"target": {
"file": "include/linux/ceph/messenger.h"
}
},
{
"id": "CVE-2023-52636-a3410aa2",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da9c33a70f095d5d55c36d0bfeba969e31de08ae",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "221566140851562408857420956317246191799",
"length": 136.0
},
"target": {
"function": "prepare_message_data",
"file": "net/ceph/messenger_v1.c"
}
},
{
"id": "CVE-2023-52636-aea3c5f8",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da9c33a70f095d5d55c36d0bfeba969e31de08ae",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "26166053723490237557800758208230397613",
"length": 4292.0
},
"target": {
"function": "read_partial_message",
"file": "net/ceph/messenger_v1.c"
}
},
{
"id": "CVE-2023-52636-b9573e04",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da9c33a70f095d5d55c36d0bfeba969e31de08ae",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "59371873060516406342374248912456352269",
"length": 809.0
},
"target": {
"function": "read_partial_sparse_msg_data",
"file": "net/ceph/messenger_v1.c"
}
},
{
"id": "CVE-2023-52636-c0af1fd0",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da9c33a70f095d5d55c36d0bfeba969e31de08ae",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"16284004415384343960171796824740224213",
"69465238405429041714445904265223170265",
"157953663930337556258673241785718363107",
"155853124382072944983744583101969105607",
"16526971868748809780099850886933583604",
"200930638598568388371664771794398844835",
"149217325211072536023314339354566211669",
"280571189555108865352870142674575551915"
]
},
"target": {
"file": "net/ceph/messenger_v2.c"
}
},
{
"id": "CVE-2023-52636-c9fa04fd",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8e46a2d068c92a905d01cbb018b00d66991585ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "258100827111953359768349213098081884760",
"length": 829.0
},
"target": {
"function": "prepare_read_tail_plain",
"file": "net/ceph/messenger_v2.c"
}
},
{
"id": "CVE-2023-52636-ddb80c7f",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da9c33a70f095d5d55c36d0bfeba969e31de08ae",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "258100827111953359768349213098081884760",
"length": 829.0
},
"target": {
"function": "prepare_read_tail_plain",
"file": "net/ceph/messenger_v2.c"
}
},
{
"id": "CVE-2023-52636-e5d6cce9",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "34484230764052375179680682311757190336",
"length": 1381.0
},
"target": {
"function": "decrypt_tail",
"file": "net/ceph/messenger_v2.c"
}
},
{
"id": "CVE-2023-52636-ecdf7ff2",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"329940832847026225348744859464413670253",
"179728672916310516323932396065429566722",
"308383133003803348890979640633303224848",
"83786159958427005303078996734396011603",
"336183571321777066929333681807131329212",
"31146430332241600875432392538261564179",
"154335487121035030564519908045465159438",
"111762542496598368818927162885952256222",
"122002002730988791705762648611642767188",
"125418180029150410498557103580182779822",
"80237263927780861459426598033821477718",
"1574619659767945137179618999397927807",
"303826162868700555995815701118026630549",
"52671604819874369180164548843445360008",
"255081456791019216056508042758666128453",
"145653541533303026547052082775130278015",
"267346365717446088666233062489122382949",
"339946167568374509124570469088127373369",
"338708731054076028241007968802356627970",
"324819655019707613941259331802146367946",
"176608257867870851306069730167782962716",
"89501101249255283646382015353522449067",
"178372530883353374725362974151325652378",
"338649822726678070690387874959200122962",
"278727456723832272287197847106018283078",
"247433378520902732788810009452447275430",
"150285511710474911942097239452090145432",
"17383889462845130455873897035145934338",
"248028729243809035064416144271526290862"
]
},
"target": {
"file": "net/ceph/messenger_v1.c"
}
},
{
"id": "CVE-2023-52636-f6e7062d",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8e46a2d068c92a905d01cbb018b00d66991585ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "272134129438779642373995453601166007956",
"length": 1668.0
},
"target": {
"function": "get_reply",
"file": "net/ceph/osd_client.c"
}
}
]