2025-12-24 10:55:25
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: ceph: fix potential use-after-free bug when trimming caps When trimming the caps and just after the session->s_cap_lock is released in ceph_iterate_session_caps() the cap maybe removed by another thread, and when using the stale cap memory in the callbacks it will trigger use-after-free crash. We need to check the existence of the cap just after the ci->i_ceph_lock being acquired. And do nothing if its already removed.