CVE-2025-68297 — Use of Uninitialized Resource in Linux

CWE-908 — Use of Uninitialized Resource37 documents8 sources

Severity

7.2HIGHOSV

OSV3.2

No vector

EPSS

0.0%

top 89.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedDec 16

Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash in process_v2_sparse_read() for encrypted directories The crash in process_v2_sparse_read() for fscrypt-encrypted directories has been reported. Issue takes place for Ceph msgr2 protocol in secure mode. It can be reproduced by the steps: sudo mount -t ceph :/ /mnt/cephfs/ -o name=admin,fs=cephfs,ms_mode=secure (1) mkdir /mnt/cephfs/fscrypt-test-3 (2) cp area_decrypted.tar /mnt/cephfs/fscrypt-test-3 (3) fscryp…

Affected Packages6 packages

▶Linuxlinux/linux_kernel6.7.0 — 6.12.61+2

▶Debianlinux/linux_kernel< 6.12.63-1+1

▶Ubuntulinux/linux_kernel< 6.8.0-106.106+1

▶msrcmsrc/azl3_kernel_6.6.117.1-1_on_azure_linux_3.0

▶CVEListV5linux/linuxda9c33a70f095d5d55c36d0bfeba969e31de08ae — 5a3f3e39b18705bc578fae58abacc8ef93c15194+5

🔴Vulnerability Details

OSV

linux-oem-6.17 vulnerabilities↗2026-04-06

▶

OSV

linux-raspi, linux-raspi-realtime vulnerabilities↗2026-04-01

▶

OSV

linux-raspi vulnerabilities↗2026-04-01

▶

OSV

linux-azure, linux-azure-6.17 vulnerabilities↗2026-03-25

▶

OSV

linux-azure-6.8 vulnerabilities↗2026-03-25

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2026-04-09

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2026-04-06

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2026-04-01

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2026-04-01

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68297 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶