
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-21646 affects the Linux kernel's kafs (kernel AFS) filesystem implementation. The vulnerability was discovered on January 19, 2025, and involves an issue with cell name length handling. The kafs filesystem previously limited the maximum length of a cell name to 256 bytes, which could cause failures when creating directories under /proc/net/afs/ due to procfs's 255-character filename length limitation (Kernel Git).
The vulnerability stems from a mismatch between the kafs filesystem's maximum cell name length (256 bytes) and procfs's filename length limitation (255 characters). Attempting to create a directory under /proc/net/afs/ for a cell name at the maximum length triggered a warning: 'WARNING: CPU: 0 PID: 9 at fs/proc/generic.c:405'. Additionally, DNS limits the lookup length, and therefore cell names, to 255 bytes minus two (for the length count and the trailing NUL) (Kernel Git).
The issue could prevent the creation of directories under /proc/net/afs/ when using cell names at the maximum length, potentially affecting system functionality and AFS filesystem operations. This could impact systems using the kafs filesystem with long cell names (Debian Security).
The issue has been fixed by limiting the maximum acceptable cell name length to 253 bytes, which accommodates both the procfs limitation and DNS requirements. The fix also splits out the YFS VL record cell name maximum, which stays at 256 as allowed by the protocol, while records whose names exceed 253 bytes are ignored. The patch has been included in various Linux kernel versions, with Debian's bookworm release receiving the fix in version 6.1.128-1 (Debian Security).
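The boundary logic described above, as an added user-space sketch that is not the kernel's own code. All macro, enum and function names are hypothetical, and treating empty names or names over 256 bytes as malformed is an assumption of this sketch; only the 255, 253 and 256 byte limits come from the advisory.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names; the numeric limits are the ones stated in the advisory. */
#define PROCFS_NAME_MAX    255        /* procfs filename length limit */
#define DNS_NAME_MAX       (255 - 2)  /* 255 minus length count and trailing NUL */
#define OLD_CELL_NAME_MAX  256        /* pre-fix kafs limit */
#define CELL_NAME_MAX      253        /* post-fix accepted cell name length */
#define VL_RECORD_NAME_MAX 256        /* what a YFS VL record may carry */

enum name_verdict { NAME_ACCEPT, NAME_IGNORE_RECORD, NAME_MALFORMED };

/* Pre-fix check: a 256-byte name passes even though procfs cannot hold it. */
static int old_cell_name_ok(size_t len) { return len >= 1 && len <= OLD_CELL_NAME_MAX; }

/* Post-fix check for a locally supplied cell name. */
static int cell_name_ok(size_t len) { return len >= 1 && len <= CELL_NAME_MAX; }

/* Can a name of this length become a /proc/net/afs/<cell> directory entry? */
static int fits_procfs(size_t len) { return len <= PROCFS_NAME_MAX; }

/* Post-fix handling of a cell name length read from a VL record:
 * the record format still allows 256, but names over 253 are skipped. */
static enum name_verdict classify_vl_record_name(size_t len)
{
    if (len == 0 || len > VL_RECORD_NAME_MAX)
        return NAME_MALFORMED;       /* assumption: outside the record format */
    if (len > CELL_NAME_MAX)
        return NAME_IGNORE_RECORD;   /* valid on the wire, unusable as a cell */
    return NAME_ACCEPT;
}

/* Count lengths a given check accepts but procfs cannot represent. */
static size_t count_unrepresentable(int (*check)(size_t))
{
    size_t n = 0;
    for (size_t len = 1; len <= VL_RECORD_NAME_MAX + 1; len++)
        if (check(len) && !fits_procfs(len))
            n++;
    return n;
}

int main(void)
{
    const size_t probes[] = { 253, 254, 255, 256, 257 };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("len=%zu old=%d new=%d procfs=%d vl=%d\n", probes[i],
               old_cell_name_ok(probes[i]), cell_name_ok(probes[i]),
               fits_procfs(probes[i]), (int)classify_vl_record_name(probes[i]));
    return 0;
}
```

Only the 256-byte length passed the old check while failing the procfs limit, which is the single case behind the warning; the new limit leaves none.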
Source: This report was generated using AI