Headline
CVE-2021-3979: Red Hat Customer Portal - Access to 24x7 support and knowledge
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
Red Hat Product Security Center
Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.
Product Security Center
Related news
Ubuntu Security Notice 6063-1 - Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that Ceph incorrectly handled the volumes plugin. An attacker could possibly use this issue to obtain access to any share. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.