Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-38660

Опубликовано: 22 авг. 2025
Источник: redhat
CVSS3: 5.9

Описание

In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing that need it. Just get a NUL-terminated copy of the entire thing and be done with that...

Отчет

parse_longname() called strrchr() on a buffer that wasn’t guaranteed to be NUL-terminated, which could lead to out-of-bounds reads and kernel faults when parsing encrypted “long” snapshot names. The fix makes a NUL-terminated copy of the full input and avoids transient sub-copies, ensuring safe delimiter search and numeric parsing. Practically, a malicious or misconfigured Ceph server/export supplying crafted snapshot names could trigger a client kernel crash.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10kernelFix deferred
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelFix deferred
Red Hat Enterprise Linux 9kernel-rtFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-170
https://bugzilla.redhat.com/show_bug.cgi?id=2390343kernel: [ceph] parse_longname(): strrchr() expects NUL-terminated string

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-38660

ubuntu
2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing that need it. Just get a NUL-terminated copy of the entire thing and be done with that...

nvd логотип

CVE-2025-38660

nvd
2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing that need it. Just get a NUL-terminated copy of the entire thing and be done with that...

msrc логотип

CVE-2025-38660

msrc
2 месяца назад

[ceph] parse_longname(): strrchr() expects NUL-terminated string

debian логотип

CVE-2025-38660

debian
2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: [ ...

github логотип

GHSA-c68j-74mr-g84m

github
2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing that need it. Just get a NUL-terminated copy of the entire thing and be done with that...

5.9 Medium

CVSS3