CVE-2025-68297
Severity:
Pending analysis
Type:
Not Available / Other type
Publication date:
16/12/2025
Last modified:
16/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

ceph: fix crash in process_v2_sparse_read() for encrypted directories

The crash in process_v2_sparse_read() for fscrypt-encrypted directories
has been reported. Issue takes place for Ceph msgr2 protocol in secure
mode. It can be reproduced by the steps:

sudo mount -t ceph :/ /mnt/cephfs/ -o name=admin,fs=cephfs,ms_mode=secure

(1) mkdir /mnt/cephfs/fscrypt-test-3
(2) cp area_decrypted.tar /mnt/cephfs/fscrypt-test-3
(3) fscrypt encrypt --source=raw_key --key=./my.key /mnt/cephfs/fscrypt-test-3
(4) fscrypt lock /mnt/cephfs/fscrypt-test-3
(5) fscrypt unlock --key=my.key /mnt/cephfs/fscrypt-test-3
(6) cat /mnt/cephfs/fscrypt-test-3/area_decrypted.tar
(7) Issue has been triggered

[ 408.072247] ------------[ cut here ]------------
[ 408.072251] WARNING: CPU: 1 PID: 392 at net/ceph/messenger_v2.c:865
ceph_con_v2_try_read+0x4b39/0x72f0
[ 408.072267] Modules linked in: intel_rapl_msr intel_rapl_common
intel_uncore_frequency_common intel_pmc_core pmt_telemetry pmt_discovery
pmt_class intel_pmc_ssram_telemetry intel_vsec kvm_intel joydev kvm irqbypass
polyval_clmulni ghash_clmulni_intel aesni_intel rapl input_leds psmouse
serio_raw i2c_piix4 vga16fb bochs vgastate i2c_smbus floppy mac_hid qemu_fw_cfg
pata_acpi sch_fq_codel rbd msr parport_pc ppdev lp parport efi_pstore
[ 408.072304] CPU: 1 UID: 0 PID: 392 Comm: kworker/1:3 Not tainted 6.17.0-rc7+
[ 408.072307] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.17.0-5.fc42 04/01/2014
[ 408.072310] Workqueue: ceph-msgr ceph_con_workfn
[ 408.072314] RIP: 0010:ceph_con_v2_try_read+0x4b39/0x72f0
[ 408.072317] Code: c7 c1 20 f0 d4 ae 50 31 d2 48 c7 c6 60 27 d5 ae 48 c7 c7 f8
8e 6f b0 68 60 38 d5 ae e8 00 47 61 fe 48 83 c4 18 e9 ac fc ff ff 0b e9 06
fe ff ff 4c 8b 9d 98 fd ff ff 0f 84 64 e7 ff ff 89 85
[ 408.072319] RSP: 0018:ffff88811c3e7a30 EFLAGS: 00010246
[ 408.072322] RAX: ffffed1024874c6f RBX: ffffea00042c2b40 RCX: 0000000000000f38
[ 408.072324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 408.072325] RBP: ffff88811c3e7ca8 R08: 0000000000000000 R09: 00000000000000c8
[ 408.072326] R10: 00000000000000c8 R11: 0000000000000000 R12: 00000000000000c8
[ 408.072327] R13: dffffc0000000000 R14: ffff8881243a6030 R15: 0000000000003000
[ 408.072329] FS: 0000000000000000(0000) GS:ffff88823eadf000(0000)
knlGS:0000000000000000
[ 408.072331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 408.072332] CR2: 000000c0003c6000 CR3: 000000010c106005 CR4: 0000000000772ef0
[ 408.072336] PKRU: 55555554
[ 408.072337] Call Trace:
[ 408.072338]
[ 408.072340] ? sched_clock_noinstr+0x9/0x10
[ 408.072344] ? __pfx_ceph_con_v2_try_read+0x10/0x10
[ 408.072347] ? _raw_spin_unlock+0xe/0x40
[ 408.072349] ? finish_task_switch.isra.0+0x15d/0x830
[ 408.072353] ? __kasan_check_write+0x14/0x30
[ 408.072357] ? mutex_lock+0x84/0xe0
[ 408.072359] ? __pfx_mutex_lock+0x10/0x10
[ 408.072361] ceph_con_workfn+0x27e/0x10e0
[ 408.072364] ? metric_delayed_work+0x311/0x2c50
[ 408.072367] process_one_work+0x611/0xe20
[ 408.072371] ? __kasan_check_write+0x14/0x30
[ 408.072373] worker_thread+0x7e3/0x1580
[ 408.072375] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 408.072378] ? __pfx_worker_thread+0x10/0x10
[ 408.072381] kthread+0x381/0x7a0
[ 408.072383] ? __pfx__raw_spin_lock_irq+0x10/0x10
[ 408.072385] ? __pfx_kthread+0x10/0x10
[ 408.072387] ? __kasan_check_write+0x14/0x30
[ 408.072389] ? recalc_sigpending+0x160/0x220
[ 408.072392] ? _raw_spin_unlock_irq+0xe/0x50
[ 408.072394] ? calculate_sigpending+0x78/0xb0
[ 408.072395] ? __pfx_kthread+0x10/0x10
[ 408.072397] ret_from_fork+0x2b6/0x380
[ 408.072400] ? __pfx_kthread+0x10/0x10
[ 408.072402] ret_from_fork_asm+0x1a/0x30
[ 408.072406]
[ 408.072407] ---[ end trace 0000000000000000 ]---
[ 408.072418] Oops: general protection fault, probably for non-canonical
address 0xdffffc00000000
---truncated---
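
Added example, not part of the advisory or the kernel patch: a shell triage helper that lists CephFS kernel mounts using msgr2 secure mode (the configuration the description names) and checks kernel-log text for the WARNING shown above. The function names and the sample data are constructed for illustration, and it assumes the ms_mode option appears in /proc/mounts as it was given at mount time.

```shell
#!/bin/sh
# Triage helper for CVE-2025-68297 (added example, not from the advisory).

# Print mount points of CephFS kernel mounts that use msgr2 secure mode.
# Reads /proc/mounts-format text on stdin: dev mountpoint fstype options ...
ceph_secure_mounts() {
    awk '$3 == "ceph" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "ms_mode=secure") { print $2; break }
    }'
}

# Succeed if kernel-log text on stdin carries the WARNING from the advisory:
# net/ceph/messenger_v2.c together with ceph_con_v2_try_read. The source line
# number is not matched because it can differ between kernel builds, and the
# two patterns are tracked separately so wrapped log lines still match.
has_crash_signature() {
    awk '/WARNING:.*net\/ceph\/messenger_v2\.c/ { w = 1 }
         /ceph_con_v2_try_read\+0x/            { f = 1 }
         END { exit !(w && f) }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_MOUNTS='192.0.2.10:6789:/ /mnt/cephfs ceph rw,relatime,name=admin,secret=<hidden>,ms_mode=secure,acl 0 0
192.0.2.10:6789:/ /mnt/legacy ceph rw,relatime,name=admin,secret=<hidden>,acl 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

SAMPLE_LOG='[  408.072251] WARNING: CPU: 1 PID: 392 at net/ceph/messenger_v2.c:865
ceph_con_v2_try_read+0x4b39/0x72f0
[  408.072310] Workqueue: ceph-msgr ceph_con_workfn'

# On a live host: ceph_secure_mounts < /proc/mounts ; dmesg | has_crash_signature
printf '%s\n' "$SAMPLE_MOUNTS" | ceph_secure_mounts
printf '%s\n' "$SAMPLE_LOG" | has_crash_signature && echo "crash signature present"
```

A host that lists a mount here and runs a kernel without the fix is a candidate for patching; a positive log match means the crash path has already been hit.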



