Memory Corruption Vulnerability in Linux Kernel nvme-tcp Component
CVE-2025-21927

7.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 1 April 2025

Summary

A vulnerability in the nvme-tcp component of the Linux kernel allows potential memory corruption because the header length of received packets is not properly validated. When header digests are enabled, a packet with an invalid header length, such as 255, causes the nvme_tcp_verify_hdgst function to access memory outside the allocated area and potentially overwrite it with the calculated digest. The fix adds checks that reject packets with unexpected header lengths.
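
A simplified user-space model of the check described above, added here as an example; it is not the kernel's code or the upstream patch. The buffer layout, the 24-byte header size, the type value, the function names, and the toy checksum standing in for the real digest are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DIGEST_LEN 4u
#define RSP_HLEN   24u                     /* constructed: header size expected for this PDU type */
#define BUF_SIZE   (RSP_HLEN + DIGEST_LEN) /* receive buffer: header plus its digest */

/* Byte 2 of the common header carries hlen (layout assumed for this model). */
static uint8_t pdu_hlen(const uint8_t *pdu) { return pdu[2]; }

/* Stand-in checksum for the model; not the transport's real digest. */
static uint32_t toy_digest(const uint8_t *p, size_t n)
{
    uint32_t d = 0;
    while (n--) d = d * 31u + *p++;
    return d;
}

/* Offset an unchecked path would use for the digest: taken straight from the wire. */
size_t unchecked_digest_offset(const uint8_t *pdu) { return pdu_hlen(pdu); }

/* Hardened path: reject an unexpected hlen before touching buf + hlen. */
int verify_hdgst_checked(const uint8_t *buf, size_t buf_size, uint8_t expected_hlen)
{
    uint8_t hlen = pdu_hlen(buf);
    uint32_t recv, exp;

    if (hlen != expected_hlen || (size_t)hlen + DIGEST_LEN > buf_size)
        return -1;                         /* malformed PDU: drop it */
    memcpy(&recv, buf + hlen, DIGEST_LEN);
    exp = toy_digest(buf, hlen);
    return recv == exp ? 0 : -2;           /* -2: digest mismatch */
}

/* Build a constructed sample PDU: given hlen, digest computed over RSP_HLEN bytes. */
void make_sample_pdu(uint8_t *buf, uint8_t hlen)
{
    uint32_t d;
    memset(buf, 0, BUF_SIZE);
    buf[0] = 0x05;                         /* constructed type value */
    buf[2] = hlen;
    d = toy_digest(buf, RSP_HLEN);
    memcpy(buf + RSP_HLEN, &d, DIGEST_LEN);
}
```

With hlen set to 255 the unchecked offset lands far past the 28-byte buffer, while the checked path returns before any read or write at that offset.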

Affected Version(s)

Linux 3f2304f8c6d6ed97849057bd16fee99e434ca796 < 9fbc953d6b38bc824392e01850f0aeee3b348722

Linux 3f2304f8c6d6ed97849057bd16fee99e434ca796 < 22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126

Linux 3f2304f8c6d6ed97849057bd16fee99e434ca796

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved