CVE-2025-68283
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/12/2025
Last modified:
16/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
libceph: replace BUG_ON with bounds check for map->max_osd<br />
<br />
OSD indexes come from untrusted network packets. Boundary checks are<br />
added to validate these against map->max_osd.<br />
<br />
[ idryomov: drop BUG_ON in ceph_get_primary_affinity(), minor cosmetic<br />
edits ]
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/57f5fbae9f1024aba17ff75e00433324115c548a
- https://git.kernel.org/stable/c/b4368b7f97014e1015445d61abd0b27c4c6e8424
- https://git.kernel.org/stable/c/becc488a4d864db338ebd4e313aa3c77da24b604
- https://git.kernel.org/stable/c/e67e3be690f5f7e3b031cf29e8d91e6d02a8e30d
- https://git.kernel.org/stable/c/ec3797f043756a94ea2d0f106022e14ac4946c02