CVE-2025-68284

Dec. 18, 2025, 3:08 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the connection secret or processing service tickets. [ idryomov: changelog ]

Product(s) Impacted

Product Versions

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/5ef575834ca99f719d7573cdece9df2fe2b72424
https://git.kernel.org/stable/c/6920ff09bf911bc919cd7a6b7176fbdd1a6e6850
https://git.kernel.org/stable/c/7fce830ecd0a0256590ee37eb65a39cbad3d64fc
https://git.kernel.org/stable/c/8dfcc56af28cffb8f25fb9be37b3acc61f2a3d09
https://git.kernel.org/stable/c/ccbccfba25e9aa395daaea156b5e7790910054c4
https://git.kernel.org/stable/c/f22c55a20a2d9ffbbac57408d5d488cef8201e9d

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-12-16
CVE-2025-68284

Timeline

Published: Dec. 16, 2025, 4:16 p.m.
Last Modified: Dec. 18, 2025, 3:08 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.