CVE-2025-38660 in Linux
Summary
by MITRE • 08/22/2025
In the Linux kernel, the following vulnerability has been resolved:
[ceph] parse_longname(): strrchr() expects NUL-terminated string
... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing that need it.
Just get a NUL-terminated copy of the entire thing and be done with that...
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 05/29/2026
The vulnerability CVE-2025-38660 resides within the Linux kernel's Ceph storage subsystem, specifically in the parse_longname() function that handles parsing of long names in Ceph filesystem operations. This flaw represents a classic buffer management issue where the function assumes input strings are properly null-terminated, yet the underlying data processing does not guarantee this condition. The vulnerability stems from improper handling of string boundaries within kernel space operations, creating a potential path for memory corruption or information disclosure when processing Ceph filesystem metadata. The issue manifests when the kernel attempts to parse long names in Ceph filesystem operations, particularly in contexts where string manipulation occurs without proper null-termination validation.
The technical implementation flaw occurs because the parse_longname() function utilizes kmemdup_nul() to create a null-terminated copy of input data for processing with kstrtou64(), but this approach fails to account for all functions that may require the same null-terminated string. The function's design assumes that kstrtou64() is the sole consumer of the null-terminated string, but other operations within the same code path may also require the same string format. This oversight creates a potential race condition or memory access violation when multiple consumers attempt to access the same memory region with different assumptions about string boundaries. The vulnerability is classified under CWE-129 as an Improper Validation of Array Index, and specifically relates to CWE-787 Out-of-bounds Write, as the function may write beyond allocated buffer boundaries when processing improperly terminated strings.
The operational impact of this vulnerability extends to systems running Ceph storage clusters that process long filenames or metadata with complex naming conventions. Attackers could potentially exploit this issue to cause kernel crashes, memory corruption, or in more sophisticated scenarios, achieve privilege escalation or information disclosure. The vulnerability affects systems where Ceph filesystem operations are actively used, particularly in enterprise storage environments, cloud infrastructure, and distributed computing platforms that rely on Ceph for storage management. The threat is elevated in environments where the kernel handles numerous concurrent Ceph operations, as the race condition could be triggered more frequently under high load conditions, potentially leading to denial of service or system instability. This vulnerability aligns with ATT&CK technique T1068 for Local Privilege Escalation and T1499 for Endpoint Denial of Service, as it can be leveraged to compromise system availability and potentially gain elevated privileges.
Mitigation strategies should focus on ensuring proper string handling throughout the kernel's Ceph subsystem. The recommended fix involves creating a single null-terminated copy of the entire input string before processing, rather than relying on multiple functions to independently handle string termination. System administrators should prioritize kernel updates containing the patched Ceph implementation, while monitoring for potential denial of service conditions in environments handling high volumes of Ceph filesystem operations. Organizations should also implement robust kernel security configurations and consider deploying intrusion detection systems to monitor for unusual kernel memory access patterns. The fix should be applied across all systems running affected kernel versions, with particular attention to storage servers and distributed computing environments where Ceph is actively utilized, as these environments represent the highest risk for exploitation of this particular vulnerability.