Linux Kernel nvme-tcp Vulnerability in Admin Queue Configuration
CVE-2025-38209
Currently unrated
What is CVE-2025-38209?
A use-after-free vulnerability exists in the Linux kernel's nvme-tcp implementation, caused by improper handling of the admin queue configuration. Specifically, after the admin queue is configured for secure concatenation, if the second configuration fails, the tag set remains allocated. This oversight can lead to potential exploitation, as the timeout handler may access freed memory, triggering undefined behavior. The fix is to ensure the tag set is removed in this failure scenario, which improves the stability and security of NVMe-TCP operations.
Affected Version(s)
Linux 104d0e2f622233477ef7e57e59e8a4c3bb062c82
Linux 6.15