CVE-2022-3650: 
NixOS vulnerability analysis and mitigation

A privilege escalation vulnerability (CVE-2022-3650) was discovered in Ceph's ceph-crash.service component. The vulnerability allows a local attacker with ceph user privileges to escalate to root privileges through manipulation of crash dumps. This security flaw was discovered in Ceph version 16.2.9 and was publicly disclosed on October 25, 2022 (OSS Security).

The vulnerability exists in the ceph-crash.service which runs the ceph-crash Python script as root. The script operates in the /var/lib/ceph/crash directory, which is controlled by the unprivileged ceph user. The service periodically scans for new crash directories and forwards content via 'ceph crash post'. The vulnerability has a CVSS v3.1 score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Ubuntu CVE).

The vulnerability can be exploited to achieve multiple malicious outcomes: escalate privileges to root, post arbitrary data as crash dumps potentially leading to information leaks, and cause denial-of-service by feeding large amounts of data into the ceph crash post process. The most critical impact is the ability to perform local privilege escalation from ceph user to root (OSS Security).

The vulnerability has been fixed in Ceph version 17.2.6. Users are advised to upgrade to this version or later. For Ubuntu users, fixes have been released for various versions including 24.10, 24.04 LTS, 23.10, 23.04, 22.10, 22.04 LTS, and 20.04 LTS (Ubuntu CVE).