19 Nov
2024
19 Nov
'24
2:54 p.m.
On Tue, Nov 19, 2024 at 2:58 PM Patrick Donnelly pdonnell@redhat.com wrote:
The protocol does **not** require building the full path for most operations unless it involves a snapshot.
We don't use Ceph snapshots, but before today's emergency update, we could shoot down an arbitrary server with a single (unprivileged) system call using this vulnerability.
I'm not sure what your point is, but this vulnerability exists, it works without snapshots and we think it's serious.