{"id":"CVE-2024-42232","summary":"libceph: fix race between delayed_work() and ceph_monc_stop()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix race between delayed_work() and ceph_monc_stop()\n\nThe way the delayed work is handled in ceph_monc_stop() is prone to\nraces with mon_fault() and possibly also finish_hunting().  Both of\nthese can requeue the delayed work which wouldn't be canceled by any of\nthe following code in case that happens after cancel_delayed_work_sync()\nruns -- __close_session() doesn't mess with the delayed work in order\nto avoid interfering with the hunting interval logic.  This part was\nmissed in commit b5d91704f53e (\"libceph: behave in mon_fault() if\ncur_mon \u003c 0\") and use-after-free can still ensue on monc and objects\nthat hang off of it, with monc-\u003eauth and monc-\u003emonmap being\nparticularly susceptible to quickly being reused.\n\nTo fix this:\n\n- clear monc-\u003ecur_mon and monc-\u003ehunting as part of closing the session\n  in ceph_monc_stop()\n- bail from delayed_work() if monc-\u003ecur_mon is cleared, similar to how\n  it's done in mon_fault() and finish_hunting() (based on monc-\u003ehunting)\n- call cancel_delayed_work_sync() after the session is closed","modified":"2026-03-20T12:38:44.062943Z","published":"2024-08-07T15:14:23.074Z","related":["SUSE-SU-2024:3189-1","SUSE-SU-2024:3190-1","SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3209-1","SUSE-SU-2024:3225-1","SUSE-SU-2024:3227-1","SUSE-SU-2024:3249-1","SUSE-SU-2024:3251-1","SUSE-SU-2024:3252-1","SUSE-SU-2024:3383-1","SUSE-SU-2024:3408-1","SUSE-SU-2024:3467-1","SUSE-SU-2024:3483-1","SUSE-SU-2024:3499-1","SUSE-SU-2025:0201-1","SUSE-SU-2025:0201-2","SUSE-SU-2025:0229-1","SUSE-SU-2025:02390-1","SUSE-SU-2025:02391-1","SUSE-SU-2025:02392-1","SUSE-SU-2025:02398-1","SUSE-SU-2025:02403-1","SUSE-SU-2025:02416-1","SUSE-SU-2025:02419-1","SUSE-SU-2025:02422-1","SUSE-SU-2025:02436-1","SUSE-SU-2025:02440-1","SUSE-SU-2025:02455-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42232.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1177afeca833174ba83504688eec898c6214f4bf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/20cf67dcb7db842f941eff1af6ee5e9dc41796d7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2d33654d40a05afd91ab24c9a73ab512a0670a9a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/33d38c5da17f8db2d80e811b7829d2822c10625e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/34b76d1922e41da1fa73d43b764cddd82ac9733c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/63e5d035e3a7ab7412a008f202633c5e6a0a28ea"},{"type":"WEB","url":"https://git.kernel.org/stable/c/69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9525af1f58f67df387768770fcf6d6a8f23aee3d"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42232.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42232"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0e04dc26cc594d31ee6b1382b452b6bc83b57937"},{"fixed":"1177afeca833174ba83504688eec898c6214f4bf"},{"fixed":"63e5d035e3a7ab7412a008f202633c5e6a0a28ea"},{"fixed":"34b76d1922e41da1fa73d43b764cddd82ac9733c"},{"fixed":"20cf67dcb7db842f941eff1af6ee5e9dc41796d7"},{"fixed":"2d33654d40a05afd91ab24c9a73ab512a0670a9a"},{"fixed":"9525af1f58f67df387768770fcf6d6a8f23aee3d"},{"fixed":"33d38c5da17f8db2d80e811b7829d2822c10625e"},{"fixed":"69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42232.json"}}],"schema_version":"1.7.5"}