fkie_cve-2025-38660
Vulnerability from fkie_nvd
Published
2025-08-22 16:15
Modified
2025-08-22 18:08
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing that need it. Just get a NUL-terminated copy of the entire thing and be done with that...
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/101841c38346f4ca41dc1802c867da990ffb32eb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3145b2b11492d61c512bbc59660bb823bc757f48
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/493479af8af3ab907f49e99323777d498a4fbd2b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bb80f7618832d26f7e395f52f82b1dac76223e5f
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\n[ceph] parse_longname(): strrchr() expects NUL-terminated string\n\n... and parse_longname() is not guaranteed that.  That\u0027s the reason\nwhy it uses kmemdup_nul() to build the argument for kstrtou64();\nthe problem is, kstrtou64() is not the only thing that need it.\n\nJust get a NUL-terminated copy of the entire thing and be done\nwith that..."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: [ceph] parse_longname(): strrchr() espera una cadena terminada en NUL... y parse_longname() no lo garantiza. Por eso usa kmemdup_nul() para construir el argumento de kstrtou64(); el problema es que kstrtou64() no es el \u00fanico que lo necesita. Simplemente obtenga una copia terminada en NUL de todo el conjunto y listo."
    }
  ],
  "id": "CVE-2025-38660",
  "lastModified": "2025-08-22T18:08:51.663",
  "metrics": {},
  "published": "2025-08-22T16:15:41.193",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/101841c38346f4ca41dc1802c867da990ffb32eb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3145b2b11492d61c512bbc59660bb823bc757f48"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/493479af8af3ab907f49e99323777d498a4fbd2b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bb80f7618832d26f7e395f52f82b1dac76223e5f"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.