CVE-2025-38660

... and parselongname() is not guaranteed that. That's the reason why it uses kmemdupnul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing that need it.

Just get a NUL-terminated copy of the entire thing and be done with that...

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

dd66df0053ef84add5e684df517aa9b498342381

Fixed

bb80f7618832d26f7e395f52f82b1dac76223e5f

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

dd66df0053ef84add5e684df517aa9b498342381

Fixed

3145b2b11492d61c512bbc59660bb823bc757f48

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

dd66df0053ef84add5e684df517aa9b498342381

Fixed

493479af8af3ab907f49e99323777d498a4fbd2b

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

dd66df0053ef84add5e684df517aa9b498342381

Fixed

101841c38346f4ca41dc1802c867da990ffb32eb

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.3

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.34

v6.12.35

v6.12.36

v6.12.37

v6.12.38

v6.12.39

v6.12.4

v6.12.40

v6.12.41

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.15.1

v6.15.2

v6.15.3

v6.15.4

v6.15.5

v6.15.6

v6.15.7

v6.15.8

v6.15.9

v6.16

v6.16-rc1

v6.16-rc2

v6.16-rc3

v6.16-rc4

v6.16-rc5

v6.16-rc6

v6.16-rc7

v6.5

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-38660-3716ff3f",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "333942606433025950773895678076562067372",
                "253583627024393542112303888476689796092",
                "41597772511042752766956119778939785843",
                "78337855123953636005699630218850439423",
                "39502279874015890844467851440208351869",
                "99693541254094779511813132478084718324",
                "7163494683185636359198456128636024633",
                "68951150642252900048142990350438121883",
                "340261368096086117707614613535039094779",
                "156290008169075554504640657887003257214",
                "11765829410649654550235963363030038609",
                "132524897977746551255100724021184668629",
                "155005157811455713774098310352063272427",
                "151566608928872687457339365304549671418",
                "242855792217463885166563907247069571220",
                "10384099957588795504529924736934823554",
                "339644698777451846859469156709427808575",
                "322777869593795351756716847377616656451",
                "207462222596877084038939848229239565344",
                "240507308059471959852921936290872403453",
                "200587908078350051037470836032823488006",
                "301004563164095395446611069610712105602",
                "51576886104997955854310438472942416702",
                "243172980513836214455912533398391610222",
                "62800494649611974852887702918078370209",
                "52850453494082138558045289003508528300",
                "47041999392450008588178338627962418633",
                "106746376781033749328579426043866822864",
                "203929454512550471950935307891424959536",
                "42973937187353357195802438902547228580",
                "303667919687084938620087094511337298468",
                "198954637952431343928375031634437791359",
                "46807201942264224430831578505261870060"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@101841c38346f4ca41dc1802c867da990ffb32eb",
        "target": {
            "file": "fs/ceph/crypto.c"
        }
    },
    {
        "id": "CVE-2025-38660-f43fcf22",
        "signature_version": "v1",
        "digest": {
            "function_hash": "137497004032377281113931029141777262145",
            "length": 1054.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@101841c38346f4ca41dc1802c867da990ffb32eb",
        "target": {
            "file": "fs/ceph/crypto.c",
            "function": "parse_longname"
        }
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.6.0

Fixed

6.12.42

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.15.10

Type: ECOSYSTEM
Events: Introduced

6.16.0

Fixed

6.16.1