SB2025121676 - Out-of-bounds read in Linux kernel ceph
Published: December 16, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-68284)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the handle_auth_session_key() function in net/ceph/auth_x.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/5ef575834ca99f719d7573cdece9df2fe2b72424
- https://git.kernel.org/stable/c/6920ff09bf911bc919cd7a6b7176fbdd1a6e6850
- https://git.kernel.org/stable/c/7fce830ecd0a0256590ee37eb65a39cbad3d64fc
- https://git.kernel.org/stable/c/8dfcc56af28cffb8f25fb9be37b3acc61f2a3d09
- https://git.kernel.org/stable/c/ccbccfba25e9aa395daaea156b5e7790910054c4
- https://git.kernel.org/stable/c/f22c55a20a2d9ffbbac57408d5d488cef8201e9d