{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68297","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-16T14:48:05.293Z","datePublished":"2025-12-16T15:06:16.756Z","dateUpdated":"2026-05-11T21:50:26.313Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:50:26.313Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix crash in process_v2_sparse_read() for encrypted directories\n\nThe crash in process_v2_sparse_read() for fscrypt-encrypted directories\nhas been reported. Issue takes place for Ceph msgr2 protocol in secure\nmode. It can be reproduced by the steps:\n\nsudo mount -t ceph :/ /mnt/cephfs/ -o name=admin,fs=cephfs,ms_mode=secure\n\n(1) mkdir /mnt/cephfs/fscrypt-test-3\n(2) cp area_decrypted.tar /mnt/cephfs/fscrypt-test-3\n(3) fscrypt encrypt --source=raw_key --key=./my.key /mnt/cephfs/fscrypt-test-3\n(4) fscrypt lock /mnt/cephfs/fscrypt-test-3\n(5) fscrypt unlock --key=my.key /mnt/cephfs/fscrypt-test-3\n(6) cat /mnt/cephfs/fscrypt-test-3/area_decrypted.tar\n(7) Issue has been triggered\n\n[  408.072247] ------------[ cut here ]------------\n[  408.072251] WARNING: CPU: 1 PID: 392 at net/ceph/messenger_v2.c:865\nceph_con_v2_try_read+0x4b39/0x72f0\n[  408.072267] Modules linked in: intel_rapl_msr intel_rapl_common\nintel_uncore_frequency_common intel_pmc_core pmt_telemetry pmt_discovery\npmt_class intel_pmc_ssram_telemetry intel_vsec kvm_intel joydev kvm irqbypass\npolyval_clmulni ghash_clmulni_intel aesni_intel rapl input_leds psmouse\nserio_raw i2c_piix4 vga16fb bochs vgastate i2c_smbus floppy mac_hid qemu_fw_cfg\npata_acpi sch_fq_codel rbd msr parport_pc ppdev lp parport efi_pstore\n[  408.072304] CPU: 1 UID: 0 PID: 392 Comm: kworker/1:3 Not tainted 6.17.0-rc7+\n[  408.072307] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.17.0-5.fc42 04/01/2014\n[  408.072310] Workqueue: ceph-msgr ceph_con_workfn\n[  408.072314] RIP: 0010:ceph_con_v2_try_read+0x4b39/0x72f0\n[  408.072317] Code: c7 c1 20 f0 d4 ae 50 31 d2 48 c7 c6 60 27 d5 ae 48 c7 c7 f8\n8e 6f b0 68 60 38 d5 ae e8 00 47 61 fe 48 83 c4 18 e9 ac fc ff ff <0f> 0b e9 06\nfe ff ff 4c 8b 9d 98 fd ff ff 0f 84 64 e7 ff ff 89 85\n[  408.072319] RSP: 0018:ffff88811c3e7a30 EFLAGS: 00010246\n[  408.072322] RAX: ffffed1024874c6f RBX: ffffea00042c2b40 RCX: 0000000000000f38\n[  408.072324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n[  408.072325] RBP: ffff88811c3e7ca8 R08: 0000000000000000 R09: 00000000000000c8\n[  408.072326] R10: 00000000000000c8 R11: 0000000000000000 R12: 00000000000000c8\n[  408.072327] R13: dffffc0000000000 R14: ffff8881243a6030 R15: 0000000000003000\n[  408.072329] FS:  0000000000000000(0000) GS:ffff88823eadf000(0000)\nknlGS:0000000000000000\n[  408.072331] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  408.072332] CR2: 000000c0003c6000 CR3: 000000010c106005 CR4: 0000000000772ef0\n[  408.072336] PKRU: 55555554\n[  408.072337] Call Trace:\n[  408.072338]  <TASK>\n[  408.072340]  ? sched_clock_noinstr+0x9/0x10\n[  408.072344]  ? __pfx_ceph_con_v2_try_read+0x10/0x10\n[  408.072347]  ? _raw_spin_unlock+0xe/0x40\n[  408.072349]  ? finish_task_switch.isra.0+0x15d/0x830\n[  408.072353]  ? __kasan_check_write+0x14/0x30\n[  408.072357]  ? mutex_lock+0x84/0xe0\n[  408.072359]  ? __pfx_mutex_lock+0x10/0x10\n[  408.072361]  ceph_con_workfn+0x27e/0x10e0\n[  408.072364]  ? metric_delayed_work+0x311/0x2c50\n[  408.072367]  process_one_work+0x611/0xe20\n[  408.072371]  ? __kasan_check_write+0x14/0x30\n[  408.072373]  worker_thread+0x7e3/0x1580\n[  408.072375]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[  408.072378]  ? __pfx_worker_thread+0x10/0x10\n[  408.072381]  kthread+0x381/0x7a0\n[  408.072383]  ? __pfx__raw_spin_lock_irq+0x10/0x10\n[  408.072385]  ? __pfx_kthread+0x10/0x10\n[  408.072387]  ? __kasan_check_write+0x14/0x30\n[  408.072389]  ? recalc_sigpending+0x160/0x220\n[  408.072392]  ? _raw_spin_unlock_irq+0xe/0x50\n[  408.072394]  ? calculate_sigpending+0x78/0xb0\n[  408.072395]  ? __pfx_kthread+0x10/0x10\n[  408.072397]  ret_from_fork+0x2b6/0x380\n[  408.072400]  ? __pfx_kthread+0x10/0x10\n[  408.072402]  ret_from_fork_asm+0x1a/0x30\n[  408.072406]  </TASK>\n[  408.072407] ---[ end trace 0000000000000000 ]---\n[  408.072418] Oops: general protection fault, probably for non-canonical\naddress 0xdffffc00000000\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ceph/messenger_v2.c"],"versions":[{"version":"da9c33a70f095d5d55c36d0bfeba969e31de08ae","lessThan":"5a3f3e39b18705bc578fae58abacc8ef93c15194","status":"affected","versionType":"git"},{"version":"8e46a2d068c92a905d01cbb018b00d66991585ab","lessThan":"47144748fbf12068ba4b82512098fe1ac748a2e9","status":"affected","versionType":"git"},{"version":"8e46a2d068c92a905d01cbb018b00d66991585ab","lessThan":"7d1b7de853f7d1eefd6d22949bcefc0c25186727","status":"affected","versionType":"git"},{"version":"8e46a2d068c92a905d01cbb018b00d66991585ab","lessThan":"43962db4a6f593903340c85591056a0cef812dfd","status":"affected","versionType":"git"},{"version":"bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ceph/messenger_v2.c"],"versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","status":"unaffected","versionType":"semver"},{"version":"6.6.119","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.61","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.11","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.17","versionEndExcluding":"6.6.119"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.12.61"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.17.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5a3f3e39b18705bc578fae58abacc8ef93c15194"},{"url":"https://git.kernel.org/stable/c/47144748fbf12068ba4b82512098fe1ac748a2e9"},{"url":"https://git.kernel.org/stable/c/7d1b7de853f7d1eefd6d22949bcefc0c25186727"},{"url":"https://git.kernel.org/stable/c/43962db4a6f593903340c85591056a0cef812dfd"}],"title":"ceph: fix crash in process_v2_sparse_read() for encrypted directories","x_generator":{"engine":"bippy-1.2.0"}}}}