CVE-2025-38660 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing that need it. Just get a NUL-terminated copy of the entire thing and be done with that...

PUBLISHED Reserved 2025-04-16 | Published 2025-08-22 | Updated 2025-09-29 | Assigner Linux

Product status

Default status

unaffected

dd66df0053ef84add5e684df517aa9b498342381 before bb80f7618832d26f7e395f52f82b1dac76223e5f

affected

dd66df0053ef84add5e684df517aa9b498342381 before 3145b2b11492d61c512bbc59660bb823bc757f48

affected

dd66df0053ef84add5e684df517aa9b498342381 before 493479af8af3ab907f49e99323777d498a4fbd2b

affected

dd66df0053ef84add5e684df517aa9b498342381 before 101841c38346f4ca41dc1802c867da990ffb32eb

affected

Default status

affected

6.6

affected

Any version before 6.6

unaffected

6.12.42

unaffected

6.15.10

unaffected

6.16.1

unaffected

6.17

unaffected

References

git.kernel.org/...c/bb80f7618832d26f7e395f52f82b1dac76223e5f

git.kernel.org/...c/3145b2b11492d61c512bbc59660bb823bc757f48

git.kernel.org/...c/493479af8af3ab907f49e99323777d498a4fbd2b

git.kernel.org/...c/101841c38346f4ca41dc1802c867da990ffb32eb

cve.org (CVE-2025-38660)

nvd.nist.gov (CVE-2025-38660)

Download JSON

help @ threatint.eu