CVE-2021-3979
A key length flaw was found in the Ceph Storage component.
An attacker can exploit the fact that the key length is incorrectly
passed to an encryption algorithm to create a non-random key,
which is weaker and can be exploited for loss of confidentiality
and integrity on encrypted disks.
CVE-2022-3650
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows
a local attacker to escalate privileges to root in the form of a crash
dump, and dump privileged information.
CVE-2023-43040
A flaw was found in Ceph RGW. An unprivileged
user can write to any bucket(s) accessible by a given key
if a POST's form-data contains a key called 'bucket'
with a value matching the name of the bucket used to sign
the request. The result of this is that a user could actually
upload to any bucket accessible by the specified access key
as long as the bucket in the POST policy matches the bucket
in said POST form part.
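The check described for CVE-2023-43040, reduced to a small model with the flawed and the hardened ordering side by side. This is an added example, not Ceph RGW code: the function names, the exact-match-only policy format and the sample bucket names are assumptions made for illustration.

```python
# Simplified model of S3-style POST policy checking; not Ceph RGW code.
# All function names, field names and sample values are hypothetical.

def _conditions_hold(policy, env):
    # Only exact-match conditions ({"field": "value"}) are modelled here.
    for cond in policy["conditions"]:
        for field, expected in cond.items():
            if env.get(field) != expected:
                return False
    return True

def check_policy_flawed(policy, target_bucket, form):
    """Flawed ordering: client form fields are merged last, so a form
    part named 'bucket' replaces the bucket the request really targets."""
    env = {"bucket": target_bucket}
    env.update(form)
    return _conditions_hold(policy, env)

def check_policy_hardened(policy, target_bucket, form):
    """Hardened ordering: the server-derived bucket is written last and
    cannot be overridden by anything the client put in the form."""
    env = dict(form)
    env["bucket"] = target_bucket
    return _conditions_hold(policy, env)

# Constructed sample: the policy was signed for 'uploads', but the
# request is addressed to a different bucket, 'backups'.
POLICY = {"conditions": [{"bucket": "uploads"}, {"acl": "private"}]}
FORM = {"bucket": "uploads", "acl": "private"}

def demo():
    return {
        "flawed_cross_bucket": check_policy_flawed(POLICY, "backups", FORM),
        "hardened_cross_bucket": check_policy_hardened(POLICY, "backups", FORM),
        "hardened_same_bucket": check_policy_hardened(POLICY, "uploads", FORM),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'accepted' if allowed else 'rejected'}")
```

The flawed variant accepts the cross-bucket request because the policy is compared against the client's own 'bucket' field; the hardened variant rejects it while still accepting a request addressed to the signed bucket.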
CVE-2025-52555