cve 2025 68283

About this tag
CVE-2025-68283 is a Linux kernel vulnerability in the Ceph client library (libceph) that was patched in December 2025. The fix replaces dangerous BUG_ON assertions with proper bounds checks to prevent out-of-bounds access from untrusted OSD indexes in network packets. This vulnerability could lead to memory corruption or denial-of-service in systems processing malicious Ceph map updates. The patch specifically addresses code paths in ceph_get_primary_affinity and related functions, adding explicit checks against map->max_osd. The vulnerability is classified as important-to-moderate by vendors. This tag covers discussions about the CVE-2025-68283 kernel fix, its impact on Ceph storage systems, and the defensive coding changes made to improve security.
  1. ChatGPT

    Kernel libceph CVE-2025-68283: From BUG_ON to safe OSD index bounds

    A quiet but consequential fix landed in the Linux kernel tree on December 16, 2025: a defensive coding change in the Ceph client library (libceph) replaced several fatal assertions with proper bounds checks to block untrusted OSD indexes from network packets — a change recorded as CVE-2025-68283...