CVE-2022-49296: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: ceph: fix possible deadlock when holding Fwb to get inline_data 1, mount with wsync. 2, create a file with O_RDWR, and the request was sent to mds.0: ceph_atomic_open()--> ceph_mdsc_do_request(openc) finish_open(file, dentry, ceph_open)--> ceph_open()--> ceph_init_file()--> ceph_init_file_info()--> ceph_uninline_data()--> { ... if (inline_version == 1 || /* initial version, no data */ inline_version == CEPH_INLINE_NONE) goto out_unlock; ... } The inline_version will be 1, which is the initial version for the new create file. And here the ci->i_inline_version will keep with 1, it's buggy. 3, buffer write to the file immediately: ceph_write_iter()--> ceph_get_caps(file, need=Fw, want=Fb, ...); generic_perform_write()--> a_ops->write_begin()--> ceph_write_begin()--> netfs_write_begin()--> netfs_begin_read()--> netfs_rreq_submit_slice()--> netfs_read_from_server()--> rreq->netfs_ops->issue_read()--> ceph_netfs_issue_read()--> { ... if (ci->i_inline_version != CEPH_INLINE_NONE && ceph_netfs_issue_op_inline(subreq)) return; ... } ceph_put_cap_refs(ci, Fwb); The ceph_netfs_issue_op_inline() will send a getattr(Fsr) request to mds.1. 4, then the mds.1 will request the rd lock for CInode::filelock from the auth mds.0, the mds.0 will do the CInode::filelock state transation from excl --> sync, but it need to revoke the Fxwb caps back from the clients. While the kernel client has aleady held the Fwb caps and waiting for the getattr(Fsr). It's deadlock! URL: https://tracker.ceph.com/issues/55377
AI Analysis
Technical Summary
CVE-2022-49296 is a vulnerability in the Linux kernel's Ceph filesystem client implementation that can cause a deadlock condition. The issue arises during file operations involving inline data handling and capability management between multiple Metadata Servers (MDS) in a Ceph cluster. Specifically, when a file is created with O_RDWR and mounted with the wsync option, the client holds a write buffer capability (Fwb) while attempting to get inline data. During a write operation, the client sends a getattr request to a secondary MDS (mds.1), which in turn requests a read lock from the primary MDS (mds.0). The primary MDS attempts to transition the file lock state and revoke the write buffer capabilities from clients. However, the client is still holding the Fwb capability and waiting for the getattr response, leading to a circular wait and deadlock. This deadlock can cause the affected client to hang indefinitely, impacting file operations and potentially causing service disruptions in environments relying on Ceph for distributed storage. The vulnerability is rooted in improper handling of inline data versioning and capability revocation synchronization between MDS nodes and clients. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations utilizing Ceph-based storage clusters on Linux systems, this vulnerability can lead to significant operational disruptions. Ceph is widely used in cloud infrastructure, research institutions, and enterprises for scalable and reliable distributed storage. A deadlock in the client filesystem can cause file operations to stall, impacting application availability and data processing workflows. This is particularly critical for sectors with high data throughput requirements such as finance, telecommunications, and public services. Prolonged deadlocks could lead to cascading failures in storage-dependent services, increased support costs, and potential data access delays. While the vulnerability does not directly lead to data corruption or unauthorized access, the availability impact alone can be severe in production environments. Additionally, recovery from deadlocks may require manual intervention or system restarts, increasing downtime.
Mitigation Recommendations
To mitigate this vulnerability, organizations should prioritize applying the official Linux kernel patches that address the Ceph deadlock issue once available. In the interim, administrators can consider the following practical steps: 1) Avoid mounting Ceph filesystems with the wsync option if possible, as this is part of the trigger condition. 2) Monitor Ceph client logs and MDS interactions for signs of deadlock or stalled file operations, enabling early detection. 3) Implement robust Ceph cluster monitoring and alerting to identify and respond to client hangs promptly. 4) Test kernel updates in staging environments to ensure compatibility and stability before production deployment. 5) Consider limiting concurrent write operations or adjusting client capability caching settings to reduce contention. 6) Engage with Ceph community and vendor support channels for guidance and updates. These steps go beyond generic advice by focusing on configuration adjustments and proactive monitoring tailored to the Ceph environment.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy
CVE-2022-49296: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: ceph: fix possible deadlock when holding Fwb to get inline_data 1, mount with wsync. 2, create a file with O_RDWR, and the request was sent to mds.0: ceph_atomic_open()--> ceph_mdsc_do_request(openc) finish_open(file, dentry, ceph_open)--> ceph_open()--> ceph_init_file()--> ceph_init_file_info()--> ceph_uninline_data()--> { ... if (inline_version == 1 || /* initial version, no data */ inline_version == CEPH_INLINE_NONE) goto out_unlock; ... } The inline_version will be 1, which is the initial version for the new create file. And here the ci->i_inline_version will keep with 1, it's buggy. 3, buffer write to the file immediately: ceph_write_iter()--> ceph_get_caps(file, need=Fw, want=Fb, ...); generic_perform_write()--> a_ops->write_begin()--> ceph_write_begin()--> netfs_write_begin()--> netfs_begin_read()--> netfs_rreq_submit_slice()--> netfs_read_from_server()--> rreq->netfs_ops->issue_read()--> ceph_netfs_issue_read()--> { ... if (ci->i_inline_version != CEPH_INLINE_NONE && ceph_netfs_issue_op_inline(subreq)) return; ... } ceph_put_cap_refs(ci, Fwb); The ceph_netfs_issue_op_inline() will send a getattr(Fsr) request to mds.1. 4, then the mds.1 will request the rd lock for CInode::filelock from the auth mds.0, the mds.0 will do the CInode::filelock state transation from excl --> sync, but it need to revoke the Fxwb caps back from the clients. While the kernel client has aleady held the Fwb caps and waiting for the getattr(Fsr). It's deadlock! URL: https://tracker.ceph.com/issues/55377
AI-Powered Analysis
Technical Analysis
CVE-2022-49296 is a vulnerability in the Linux kernel's Ceph filesystem client implementation that can cause a deadlock condition. The issue arises during file operations involving inline data handling and capability management between multiple Metadata Servers (MDS) in a Ceph cluster. Specifically, when a file is created with O_RDWR and mounted with the wsync option, the client holds a write buffer capability (Fwb) while attempting to get inline data. During a write operation, the client sends a getattr request to a secondary MDS (mds.1), which in turn requests a read lock from the primary MDS (mds.0). The primary MDS attempts to transition the file lock state and revoke the write buffer capabilities from clients. However, the client is still holding the Fwb capability and waiting for the getattr response, leading to a circular wait and deadlock. This deadlock can cause the affected client to hang indefinitely, impacting file operations and potentially causing service disruptions in environments relying on Ceph for distributed storage. The vulnerability is rooted in improper handling of inline data versioning and capability revocation synchronization between MDS nodes and clients. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations utilizing Ceph-based storage clusters on Linux systems, this vulnerability can lead to significant operational disruptions. Ceph is widely used in cloud infrastructure, research institutions, and enterprises for scalable and reliable distributed storage. A deadlock in the client filesystem can cause file operations to stall, impacting application availability and data processing workflows. This is particularly critical for sectors with high data throughput requirements such as finance, telecommunications, and public services. Prolonged deadlocks could lead to cascading failures in storage-dependent services, increased support costs, and potential data access delays. While the vulnerability does not directly lead to data corruption or unauthorized access, the availability impact alone can be severe in production environments. Additionally, recovery from deadlocks may require manual intervention or system restarts, increasing downtime.
Mitigation Recommendations
To mitigate this vulnerability, organizations should prioritize applying the official Linux kernel patches that address the Ceph deadlock issue once available. In the interim, administrators can consider the following practical steps: 1) Avoid mounting Ceph filesystems with the wsync option if possible, as this is part of the trigger condition. 2) Monitor Ceph client logs and MDS interactions for signs of deadlock or stalled file operations, enabling early detection. 3) Implement robust Ceph cluster monitoring and alerting to identify and respond to client hangs promptly. 4) Test kernel updates in staging environments to ensure compatibility and stability before production deployment. 5) Consider limiting concurrent write operations or adjusting client capability caching settings to reduce contention. 6) Engage with Ceph community and vendor support channels for guidance and updates. These steps go beyond generic advice by focusing on configuration adjustments and proactive monitoring tailored to the Ceph environment.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-02-26T01:49:39.302Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982dc4522896dcbe5573
Added to database: 5/21/2025, 9:09:01 AM
Last enriched: 6/30/2025, 5:26:18 AM
Last updated: 8/8/2025, 12:21:49 PM
Views: 15
Related Threats
CVE-2025-55161: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-25235: CWE-918 Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway
HighCVE-2025-55151: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-55150: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-54992: CWE-611: Improper Restriction of XML External Entity Reference in telstra open-kilda
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.