Linux Kernel up to 6.16.7/6.17-rc5 ceph fscrypt_encrypt_pagecache_blocks denial of service

Summaryinfo

A vulnerability was found in Linux Kernel up to 6.16.7/6.17-rc5. It has been classified as critical. This vulnerability affects the function fscrypt_encrypt_pagecache_blocks of the component ceph. This manipulation causes denial of service. This vulnerability appears as CVE-2025-39878. There is no available exploit. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability classified as critical was found in Linux Kernel up to 6.16.7/6.17-rc5. Affected by this vulnerability is the function fscrypt_encrypt_pagecache_blocks of the component ceph. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error The function move_dirty_folio_in_page_array() was created by commit ce80b76dd327 ("ceph: introduce ceph_process_folio_batch() method") by moving code from ceph_writepages_start() to this function. This new function is supposed to return an error code which is checked by the caller (now ceph_process_folio_batch()), and on error, the caller invokes redirty_page_for_writepage() and then breaks from the loop. However, the refactoring commit has gone wrong, and it by accident, it always returns 0 (= success) because it first NULLs the pointer and then returns PTR_ERR(NULL) which is always 0. This means errors are silently ignored, leaving NULL entries in the page array, which may later crash the kernel. The simple solution is to call PTR_ERR() before clearing the pointer.

It is possible to read the advisory at git.kernel.org. This vulnerability is known as CVE-2025-39878 since 04/16/2025. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 265870 (Linux Distros Unpatched Vulnerability : CVE-2025-39878), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 6.16.8 or 6.17-rc6 eliminates this vulnerability. Applying the patch dd1616ecbea920d228c56729461ed223cc501425/249e0a47cdb46bb9eae65511c569044bd8698d7d is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (265870) and CERT Bund (WID-SEC-2025-2107). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Affected

• Google Container-Optimized OS
• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• SUSE openSUSE
• Open Source Linux Kernel
• RESF Rocky Linux
• Dell Secure Connect Gateway
• IBM QRadar SIEM
• Dell NetWorker

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.16.0
• 6.16.1
• 6.16.2
• 6.16.3
• 6.16.4
• 6.16.5
• 6.16.6
• 6.16.7
• 6.17-rc1
• 6.17-rc2
• 6.17-rc3
• 6.17-rc4
• 6.17-rc5

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion