Ceph Crashes Local Privilege Escalation via ceph-crash.service Dump
CVE-2022-3650 Published on January 17, 2023

A privilege escalation flaw was found in Ceph. The ceph-crash.service unit allows a local attacker to escalate privileges to root in the form of a crash dump, and to dump privileged information.

NVD

Weakness Type

Placement of User into Incorrect Group

The software or the administrator places a user into an incorrect group. If the incorrect group has more access or privileges than the intended group, the user might be able to bypass intended security policy to access unexpected resources or perform unexpected actions. The access-control system might not be able to detect malicious usage of this group membership.


Exploit Probability

EPSS: 0.03%
Percentile: 7.54%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.