Linux Kernel Vulnerability in Ceph Affects String Parsing Functionality
CVE-2025-38660

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 22 August 2025

What is CVE-2025-38660?

A vulnerability exists in the Linux kernel's Ceph module in its handling of NUL-terminated strings. The function parse_longname() does not ensure that the string it works on is NUL-terminated before passing it to other functions, such as kstrtou64(), which expect NUL-terminated input. This oversight could result in unexpected behavior or data corruption when handling strings in certain conditions. The kernel has been updated so that a NUL-terminated copy is used consistently, reinforcing the integrity of string operations throughout the affected modules.
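The pattern described above, shown as an added user-space C illustration (not the kernel's code and not part of the original advisory): a number is parsed from a length-delimited name, first ignoring the length and then from a bounded NUL-terminated copy. The function names, the `_<name>_<number>` layout and the sample buffer are assumptions constructed for this example, and strtoull() stands in for kstrtou64().

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Flawed pattern: the caller's length is ignored, so parsing runs on into
 * whatever bytes follow the name until a non-digit or NUL is reached. */
uint64_t naive_trailing_u64(const char *buf, size_t num_off)
{
    return strtoull(buf + num_off, NULL, 10);
}

/* Corrected pattern: parse a bounded, NUL-terminated copy of the name.
 * Returns 0 and stores the number in *out, or -EINVAL on malformed input. */
int parse_trailing_u64(const char *buf, size_t len, uint64_t *out)
{
    char tmp[256], *sep, *end;
    unsigned long long v;

    if (len < 3 || len >= sizeof(tmp) || buf[0] != '_')
        return -EINVAL;
    if (memchr(buf, '\0', len))          /* embedded NUL would truncate */
        return -EINVAL;
    memcpy(tmp, buf, len);               /* copy exactly len bytes ... */
    tmp[len] = '\0';                     /* ... and terminate the copy */
    sep = strrchr(tmp + 1, '_');         /* last '_' precedes the number */
    if (!sep || sep == tmp + 1 || sep[1] < '0' || sep[1] > '9')
        return -EINVAL;                  /* empty name, sign or no digits */
    errno = 0;
    v = strtoull(sep + 1, &end, 10);
    if (errno || *end != '\0')           /* overflow or trailing garbage */
        return -EINVAL;
    *out = (uint64_t)v;
    return 0;
}

/* Constructed sample: the 10-byte name "_snap_1234" followed directly by
 * unrelated bytes "5678" in the same buffer. */
static const char sample[] = "_snap_12345678";

int main(void)
{
    uint64_t v = 0;
    int rc = parse_trailing_u64(sample, 10, &v);
    printf("naive=%llu bounded: rc=%d value=%llu\n",
           (unsigned long long)naive_trailing_u64(sample, 6), rc,
           (unsigned long long)v);
    return 0;
}
```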

Affected Version(s)

Linux dd66df0053ef84add5e684df517aa9b498342381

Linux dd66df0053ef84add5e684df517aa9b498342381 < 3145b2b11492d61c512bbc59660bb823bc757f48

Linux dd66df0053ef84add5e684df517aa9b498342381 < 493479af8af3ab907f49e99323777d498a4fbd2b

Timeline

  • Vulnerability published

  • Vulnerability Reserved
