Wiz
Vulnerability DatabaseCVE-2025-40362

CVE-2025-40362
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, the following vulnerability has been resolved:

ceph: fix multifs mds auth caps issue

The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other fs in a multifs ceph cluster. The bug causes multiple issues w.r.t user authentication, following is one such example.

Steps to Reproduce (on vstart cluster):

  1. Create two file systems in a cluster, say 'fsname1' and 'fsname2'
  2. Authorize read only permission to the user 'client.usr' on fs 'fsname1' $ceph fs authorize fsname1 client.usr / r
  3. Authorize read and write permission to the same user 'client.usr' on fs 'fsname2' $ceph fs authorize fsname2 client.usr / rw
  4. Update the keyring $ceph auth get client.usr >> ./keyring

With above permssions for the user 'client.usr', following is the expectation. a. The 'client.usr' should be able to only read the contents and not allowed to create or delete files on file system 'fsname1'. b. The 'client.usr' should be able to read/write on file system 'fsname2'.

But, with this bug, the 'client.usr' is allowed to read/write on file system 'fsname1'. See below.

  1. Mount the file system 'fsname1' with the user 'client.usr' $sudo bin/mount.ceph usr@.fsname1=/ /kmnt_fsname1_usr/
  2. Try creating a file on file system 'fsname1' with user 'client.usr'. This should fail but passes with this bug. $touch /kmnt_fsname1_usr/file1
  3. Mount the file system 'fsname1' with the user 'client.admin' and create a file. $sudo bin/mount.ceph admin@.fsname1=/ /kmnt_fsname1_admin $echo "data" > /kmnt_fsname1_admin/admin_file1
  4. Try removing an existing file on file system 'fsname1' with the user 'client.usr'. This shoudn't succeed but succeeds with the bug. $rm -f /kmnt_fsname1_usr/admin_file1

For more information, please take a look at the corresponding mds/fuse patch and tests added by looking into the tracker mentioned below.

v2: Fix a possible null dereference in doutc v3: Don't store fsname from mdsmap, validate against ceph_mount_options's fsname and use it v4: Code refactor, better warning message and fix possible compiler warning

[ Slava.Dubeyko: "fsname check failed" -> "fsname mismatch" ]

SourceNVD

Related Linux Kernel vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-71142N/AN/A
  • Linux KernelLinux Kernel
  • kernel-uki-virt-addons
NoNoJan 14, 2026
CVE-2025-71137N/AN/A
  • Linux KernelLinux Kernel
  • linux-azure-6.14
NoYesJan 14, 2026
CVE-2025-71135N/AN/A
  • Linux KernelLinux Kernel
  • kernel-debug-modules-internal
NoNoJan 14, 2026
CVE-2025-71134N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k-debug-modules-core
NoNoJan 14, 2026
CVE-2025-71133N/AN/A
  • Linux KernelLinux Kernel
  • linux-ibm-5.15
NoYesJan 14, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo