CVE-2022-3650 - Vulnerability Details - OpenCVE

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00022.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Ceph Ceph Storage

Configuration 1 [-]

cpe:2.3:a:redhat:ceph:16.2.9:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Ceph Storage 5.3
ceph-2:16.2.10-138.el8cp	cpe:/a:redhat:ceph_storage:5.3::el8	RHSA-2023:0980	2023-02-28T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4310-1	ceph security update
Ubuntu USN	USN-6063-1	Ceph vulnerabilities
Ubuntu USN	USN-6292-1	Ceph vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OEVVWT5ZFLYCVZNDJTDX7R6RY2W7JHP5/
https://nvd.nist.gov/vuln/detail/CVE-2022-3650
https://seclists.org/oss-sec/2022/q4/41
https://security.gentoo.org/glsa/202312-10
https://www.cve.org/CVERecord?id=CVE-2022-3650

History

Mon, 03 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-01-17T00:00:00.000Z

Updated: 2025-11-03T18:08:01.727Z

Reserved: 2022-10-21T00:00:00.000Z

Link: CVE-2022-3650

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-17T19:15:11.433

Modified: 2025-11-03T19:15:41.067

Link: CVE-2022-3650

Redhat

Severity : Important

Publid Date: 2022-10-25T00:00:00Z

Links: CVE-2022-3650 - Bugzilla

OpenCVE Enrichment

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ceph:16.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "AF012ABE-5F04-429D-88D9-F29246862587", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de escalada de privilegios en Ceph. Ceph-crash.service permite a un atacante local escalar privilegios a root en forma de volcado de memoria y volcar informaci\u00f3n privilegiada."}], "id": "CVE-2022-3650", "lastModified": "2025-11-03T19:15:41.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-17T19:15:11.433", "references": [{"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OEVVWT5ZFLYCVZNDJTDX7R6RY2W7JHP5/"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/oss-sec/2022/q4/41"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202312-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OEVVWT5ZFLYCVZNDJTDX7R6RY2W7JHP5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/oss-sec/2022/q4/41"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202312-10"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-842"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0980", "cpe": "cpe:/a:redhat:ceph_storage:5.3::el8", "package": "ceph-2:16.2.10-138.el8cp", "product_name": "Red Hat Ceph Storage 5.3", "release_date": "2023-02-28T00:00:00Z"}], "bugzilla": {"description": "Ceph: ceph-crash.service allows local ceph user to root exploit", "id": "2136909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136909"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-842", "details": ["A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.", "A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. This issue can lead to loss of confidentiality, integrity, and availability."], "name": "CVE-2022-3650", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Affected", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Affected", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "ceph", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "impact": "moderate", "package_name": "ceph", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2022-10-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3650\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3650"], "statement": "By sending a specially-crafted request, a locally authenticated attacker could exploit this vulnerability to gain elevated privileges as root. Access to Redhat Openshift Data Foundation container is very limited. Hence, the per-product impact for Red Hat Openshift Data Foundation is set to Moderate.", "threat_severity": "Important"}