Close Menu

    CVE-2025-38223 – Ceph: Kernel BUG on encrypted inode with unaligned file size

    CVE ID : CVE-2025-38223

    Published : July 4, 2025, 2:15 p.m. | 4 hours, 57 minutes ago

    Description : In the Linux kernel, the following vulnerability has been resolved:

    ceph: avoid kernel BUG for encrypted inode with unaligned file size

    The generic/397 test hits a BUG_ON for the case of encrypted inode with
    unaligned file size (for example, 33K or 1K):

    [ 877.737811] run fstests generic/397 at 2025-01-03 12:34:40
    [ 877.875761] libceph: mon0 (2)127.0.0.1:40674 session established
    [ 877.876130] libceph: client4614 fsid 19b90bca-f1ae-47a6-93dd-0b03ee637949
    [ 877.991965] libceph: mon0 (2)127.0.0.1:40674 session established
    [ 877.992334] libceph: client4617 fsid 19b90bca-f1ae-47a6-93dd-0b03ee637949
    [ 878.017234] libceph: mon0 (2)127.0.0.1:40674 session established
    [ 878.017594] libceph: client4620 fsid 19b90bca-f1ae-47a6-93dd-0b03ee637949
    [ 878.031394] xfs_io (pid 18988) is setting deprecated v1 encryption policy; recommend upgrading to v2.
    [ 878.054528] libceph: mon0 (2)127.0.0.1:40674 session established
    [ 878.054892] libceph: client4623 fsid 19b90bca-f1ae-47a6-93dd-0b03ee637949
    [ 878.070287] libceph: mon0 (2)127.0.0.1:40674 session established
    [ 878.070704] libceph: client4626 fsid 19b90bca-f1ae-47a6-93dd-0b03ee637949
    [ 878.264586] libceph: mon0 (2)127.0.0.1:40674 session established
    [ 878.265258] libceph: client4629 fsid 19b90bca-f1ae-47a6-93dd-0b03ee637949
    [ 878.374578] ———–[ cut here ]————
    [ 878.374586] kernel BUG at net/ceph/messenger.c:1070!
    [ 878.375150] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
    [ 878.378145] CPU: 2 UID: 0 PID: 4759 Comm: kworker/2:9 Not tainted 6.13.0-rc5+ #1
    [ 878.378969] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
    [ 878.380167] Workqueue: ceph-msgr ceph_con_workfn
    [ 878.381639] RIP: 0010:ceph_msg_data_cursor_init+0x42/0x50
    [ 878.382152] Code: 89 17 48 8b 46 70 55 48 89 47 08 c7 47 18 00 00 00 00 48 89 e5 e8 de cc ff ff 5d 31 c0 31 d2 31 f6 31 ff c3 cc cc cc cc 0f 0b 0b 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90
    [ 878.383928] RSP: 0018:ffffb4ffc7cbbd28 EFLAGS: 00010287
    [ 878.384447] RAX: ffffffff82bb9ac0 RBX: ffff981390c2f1f8 RCX: 0000000000000000
    [ 878.385129] RDX: 0000000000009000 RSI: ffff981288232b58 RDI: ffff981390c2f378
    [ 878.385839] RBP: ffffb4ffc7cbbe18 R08: 0000000000000000 R09: 0000000000000000
    [ 878.386539] R10: 0000000000000000 R11: 0000000000000000 R12: ffff981390c2f030
    [ 878.387203] R13: ffff981288232b58 R14: 0000000000000029 R15: 0000000000000001
    [ 878.387877] FS: 0000000000000000(0000) GS:ffff9814b7900000(0000) knlGS:0000000000000000
    [ 878.388663] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [ 878.389212] CR2: 00005e106a0554e0 CR3: 0000000112bf0001 CR4: 0000000000772ef0
    [ 878.389921] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    [ 878.390620] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    [ 878.391307] PKRU: 55555554
    [ 878.391567] Call Trace:
    [ 878.391807]
    [ 878.392021] ? show_regs+0x71/0x90
    [ 878.392391] ? die+0x38/0xa0
    [ 878.392667] ? do_trap+0xdb/0x100
    [ 878.392981] ? do_error_trap+0x75/0xb0
    [ 878.393372] ? ceph_msg_data_cursor_init+0x42/0x50
    [ 878.393842] ? exc_invalid_op+0x53/0x80
    [ 878.394232] ? ceph_msg_data_cursor_init+0x42/0x50
    [ 878.394694] ? asm_exc_invalid_op+0x1b/0x20
    [ 878.395099] ? ceph_msg_data_cursor_init+0x42/0x50
    [ 878.395583] ? ceph_con_v2_try_read+0xd16/0x2220
    [ 878.396027] ? _raw_spin_unlock+0xe/0x40
    [ 878.396428] ? raw_spin_rq_unlock+0x10/0x40
    [ 878.396842] ? finish_task_switch.isra.0+0x97/0x310
    [ 878.397338] ? __schedule+0x44b/0x16b0
    [ 878.397738] ceph_con_workfn+0x326/0x750
    [ 878.398121] process_one_work+0x188/0x3d0
    [ 878.398522] ? __pfx_worker_thread+0x10/0x10
    [ 878.398929] worker_thread+0x2b5/0x3c0
    [ 878.399310] ? __pfx_worker_thread+0x10/0x10
    [ 878.399727] kthread+0xe1/0x120
    [ 878.400031] ? __pfx_kthread+0x10/0x10
    [ 878.400431] ret_from_fork+0x43/0x70
    [ 878.400771] ? __pfx_kthread+0x10/0x10
    [ 878.401127] ret_from_fork_asm+0x1a/0x30
    [ 878.401543]
    [ 878.401760] Modules l
    —truncated—

    Severity: 0.0 | NA

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    Source: Read More

    Related Posts

    Leave A Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.