DEBIAN-CVE-2025-68297

In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash in processv2sparseread() for encrypted directories The crash in processv2sparseread() for fscrypt-encrypted directories has been reported. Issue takes place for Ceph msgr2 protocol in secure mode. It can be reproduced by the steps: sudo mount -t ceph :/ /mnt/cephfs/ -o name=admin,fs=cephfs,msmode=secure (1) mkdir /mnt/cephfs/fscrypt-test-3 (2) cp areadecrypted.tar /mnt/cephfs/fscrypt-test-3 (3) fscrypt encrypt --source=rawkey --key=./my.key /mnt/cephfs/fscrypt-test-3 (4) fscrypt lock /mnt/cephfs/fscrypt-test-3 (5) fscrypt unlock --key=my.key /mnt/cephfs/fscrypt-test-3 (6) cat /mnt/cephfs/fscrypt-test-3/areadecrypted.tar (7) Issue has been triggered [ 408.072247] ------------[ cut here ]------------ [ 408.072251] WARNING: CPU: 1 PID: 392 at net/ceph/messengerv2.c:865 cephconv2tryread+0x4b39/0x72f0 [ 408.072267] Modules linked in: intelraplmsr intelraplcommon inteluncorefrequencycommon intelpmccore pmttelemetry pmtdiscovery pmtclass intelpmcssramtelemetry intelvsec kvmintel joydev kvm irqbypass polyvalclmulni ghashclmulniintel aesniintel rapl inputleds psmouse serioraw i2cpiix4 vga16fb bochs vgastate i2csmbus floppy machid qemufwcfg pataacpi schfqcodel rbd msr parportpc ppdev lp parport efipstore [ 408.072304] CPU: 1 UID: 0 PID: 392 Comm: kworker/1:3 Not tainted 6.17.0-rc7+ [ 408.072307] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-5.fc42 04/01/2014 [ 408.072310] Workqueue: ceph-msgr cephconworkfn [ 408.072314] RIP: 0010:cephconv2tryread+0x4b39/0x72f0 [ 408.072317] Code: c7 c1 20 f0 d4 ae 50 31 d2 48 c7 c6 60 27 d5 ae 48 c7 c7 f8 8e 6f b0 68 60 38 d5 ae e8 00 47 61 fe 48 83 c4 18 e9 ac fc ff ff <0f> 0b e9 06 fe ff ff 4c 8b 9d 98 fd ff ff 0f 84 64 e7 ff ff 89 85 [ 408.072319] RSP: 0018:ffff88811c3e7a30 EFLAGS: 00010246 [ 408.072322] RAX: ffffed1024874c6f RBX: ffffea00042c2b40 RCX: 0000000000000f38 [ 408.072324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 408.072325] RBP: ffff88811c3e7ca8 R08: 0000000000000000 R09: 00000000000000c8 [ 408.072326] R10: 00000000000000c8 R11: 0000000000000000 R12: 00000000000000c8 [ 408.072327] R13: dffffc0000000000 R14: ffff8881243a6030 R15: 0000000000003000 [ 408.072329] FS: 0000000000000000(0000) GS:ffff88823eadf000(0000) knlGS:0000000000000000 [ 408.072331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 408.072332] CR2: 000000c0003c6000 CR3: 000000010c106005 CR4: 0000000000772ef0 [ 408.072336] PKRU: 55555554 [ 408.072337] Call Trace: [ 408.072338] <TASK> [ 408.072340] ? schedclocknoinstr+0x9/0x10 [ 408.072344] ? pfxcephconv2tryread+0x10/0x10 [ 408.072347] ? _rawspinunlock+0xe/0x40 [ 408.072349] ? finishtaskswitch.isra.0+0x15d/0x830 [ 408.072353] ? _kasancheckwrite+0x14/0x30 [ 408.072357] ? mutexlock+0x84/0xe0 [ 408.072359] ? _pfxmutexlock+0x10/0x10 [ 408.072361] cephconworkfn+0x27e/0x10e0 [ 408.072364] ? metricdelayedwork+0x311/0x2c50 [ 408.072367] processonework+0x611/0xe20 [ 408.072371] ? _kasancheckwrite+0x14/0x30 [ 408.072373] workerthread+0x7e3/0x1580 [ 408.072375] ? _pfxrawspinlockirqsave+0x10/0x10 [ 408.072378] ? pfxworkerthread+0x10/0x10 [ 408.072381] kthread+0x381/0x7a0 [ 408.072383] ? _pfxrawspinlockirq+0x10/0x10 [ 408.072385] ? _pfxkthread+0x10/0x10 [ 408.072387] ? _kasancheckwrite+0x14/0x30 [ 408.072389] ? recalcsigpending+0x160/0x220 [ 408.072392] ? rawspinunlockirq+0xe/0x50 [ 408.072394] ? calculatesigpending+0x78/0xb0 [ 408.072395] ? _pfxkthread+0x10/0x10 [ 408.072397] retfromfork+0x2b6/0x380 [ 408.072400] ? _pfxkthread+0x10/0x10 [ 408.072402] retfromforkasm+0x1a/0x30 [ 408.072406] </TASK> [ 408.072407] ---[ end trace 0000000000000000 ]--- [ 408.072418] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000 ---truncated---