CVE-2025-38660
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38660
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38660.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38660
- Downstream
- Related
- Published
- 2025-08-22T16:01:03.686Z
- Modified
- 2025-12-05T09:53:17.489802Z
- Summary
- [ceph] parse_longname(): strrchr() expects NUL-terminated string
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
[ceph] parse_longname(): strrchr() expects NUL-terminated string
... and parselongname() is not guaranteed that. That's the reason why it uses kmemdupnul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing that need it.
Just get a NUL-terminated copy of the entire thing and be done with that...
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38660.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/101841c38346f4ca41dc1802c867da990ffb32eb
- https://git.kernel.org/stable/c/3145b2b11492d61c512bbc59660bb823bc757f48
- https://git.kernel.org/stable/c/493479af8af3ab907f49e99323777d498a4fbd2b
- https://git.kernel.org/stable/c/bb80f7618832d26f7e395f52f82b1dac76223e5f
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38660.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38660
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddd66df0053ef84add5e684df517aa9b498342381Fixedbb80f7618832d26f7e395f52f82b1dac76223e5fFixed3145b2b11492d61c512bbc59660bb823bc757f48Fixed493479af8af3ab907f49e99323777d498a4fbd2bFixed101841c38346f4ca41dc1802c867da990ffb32eb
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.2
v6.15.3
v6.15.4
v6.15.5
v6.15.6
v6.15.7
v6.15.8
v6.15.9
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.5
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7