CVE-2025-68283 in Linux

Summary

by MITRE • 12/16/2025

In the Linux kernel, the following vulnerability has been resolved:

libceph: replace BUG_ON with bounds check for map->max_osd

OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map->max_osd.

[ idryomov: drop BUG_ON in ceph_get_primary_affinity(), minor cosmetic
edits ]


Analysis

by VulDB Data Team • 02/22/2026

CVE-2025-68283 affects the Linux kernel's Ceph distributed storage implementation in the libceph library. The issue stems from inadequate validation of OSD (Object Storage Daemon) indexes that arrive in untrusted network packets. The root cause is improper handling of boundary conditions in the Ceph storage protocol implementation, specifically in how incoming values are validated against established limits.

The flaw manifests when an OSD index taken from a network packet exceeds the maximum OSD count defined by map->max_osd. Previously, the implementation relied on BUG_ON macros, which cause an immediate kernel panic when the boundary condition is violated. This approach was problematic because it did not handle malformed or malicious input gracefully and instead brought down the entire kernel. The vulnerability is a classic case of insufficient bounds checking and input validation, in line with the CWE-129 and CWE-707 categories related to improper input validation.

The operational impact goes beyond an isolated crash: the flaw can enable denial-of-service attacks against Ceph storage clusters. An attacker capable of sending malicious network packets containing oversized OSD index values could force the kernel to panic and reboot, disrupting storage services and potentially causing data unavailability. This weakness affects systems using the Ceph distributed storage protocol where network communication between clients and storage daemons occurs, particularly enterprise storage infrastructures that rely on Ceph for large-scale data management. It shows how untrusted network input can compromise system stability when error handling is improper.

The resolution replaces the BUG_ON macro with bounds checks that validate incoming OSD index values against the map->max_osd limit. When an invalid value is encountered, the system can now handle the error condition gracefully rather than immediately crashing the kernel. The fix applies defensive programming practices that address ATT&CK technique T1499.004, related to network denial of service attacks, and follows secure coding principles that prevent system instability through proper input validation. Additionally, the maintainer's note on the change records that the BUG_ON in ceph_get_primary_affinity() was dropped and that minor cosmetic edits were made, which also improves overall robustness and maintainability.
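The pattern the fix describes, as an added example in user-space C; it is not code from the kernel or from the patch. The `toy_osdmap` structure, `toy_apply_weights()` and the message layout are hypothetical, chosen only to show an index read from the wire being checked against `max_osd` and rejected with an error code instead of an assertion.

```c
/* User-space model of the fix pattern; every name here is hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
struct toy_osdmap {
    uint32_t max_osd;        /* valid indexes: 0..max_osd-1, at most 8 */
    uint32_t osd_weight[8];
};
static struct toy_osdmap demo_map = { 4, {0} };

/* Constructed messages: le32 count, then (le32 osd, le32 weight) pairs. */
static const uint8_t MSG_OK[]        = {2,0,0,0, 1,0,0,0, 0x10,0,0,0, 3,0,0,0, 0x20,0,0,0};
static const uint8_t MSG_BAD_INDEX[] = {2,0,0,0, 1,0,0,0, 0x10,0,0,0, 9,0,0,0, 0x20,0,0,0};
static const uint8_t MSG_TRUNCATED[] = {2,0,0,0, 1,0,0,0, 0x10,0,0,0};

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate every index before writing, so a bad message is rejected whole. */
int toy_apply_weights(struct toy_osdmap *map, const uint8_t *buf, size_t len)
{
    uint32_t i, n;
    if (len < 4)
        return -ERANGE;
    n = get_le32(buf);
    if ((len - 4) / 8 < n)   /* truncated; dividing avoids n * 8 overflow */
        return -ERANGE;
    for (i = 0; i < n; i++) {
        /* A BUG_ON(osd >= map->max_osd) here would halt on bad input. */
        if (get_le32(buf + 4 + 8 * (size_t)i) >= map->max_osd)
            return -EINVAL;  /* out-of-range wire value: fail the decode */
    }
    for (i = 0; i < n; i++) {
        const uint8_t *p = buf + 4 + 8 * (size_t)i;
        map->osd_weight[get_le32(p)] = get_le32(p + 4);
    }
    return 0;
}

int main(void)
{
    printf("bad index: %d\n", toy_apply_weights(&demo_map, MSG_BAD_INDEX, sizeof(MSG_BAD_INDEX)));
    printf("truncated: %d\n", toy_apply_weights(&demo_map, MSG_TRUNCATED, sizeof(MSG_TRUNCATED)));
    printf("valid:     %d\n", toy_apply_weights(&demo_map, MSG_OK, sizeof(MSG_OK)));
    return 0;
}
```

The two-pass structure means the message carrying index 9 leaves the map untouched, even though its first pair was valid.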

Responsible: Linux
Reservation: 12/16/2025
Disclosure: 12/16/2025
Moderation: accepted
CPE: ready
EPSS: 0.00168
KEV: no
Activities: very low
