You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 38660
About this tag
CVE-2025-38660 is a Linux kernel vulnerability in the Ceph filesystem code, specifically in the parse_longname function, which can pass a non-NUL-terminated string to routines expecting NUL-terminated input. Microsoft has confirmed that Azure Linux includes the affected open-source library and is potentially impacted. This tag covers discussions about the vulnerability's implications for Microsoft products, particularly Azure Linux, and the scope of Microsoft's attestation. It is relevant for IT professionals and security researchers tracking Linux kernel flaws and their impact on enterprise cloud environments.
Microsoft’s short statement that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate—and useful for Azure customers—but it is a product‑scoped attestation, not a categorical claim that no other Microsoft product can contain the same vulnerable Ceph...