Request List Handling Vulnerability in Linux Kernel by The Linux Foundation
CVE-2025-38264

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-38264?

A vulnerability exists within the Linux kernel's nvme-tcp component that improperly handles request lists. Specifically, the issue arises in the nvme_tcp_handle_r2t() function, where it fails to validate requests against any existing lists. This lack of validation opens the door for a maliciously crafted R2T Protocol Data Unit (PDU) to inject a loop in the request list processing, potentially leading to resource exhaustion or system instability. Ensuring proper request validation is crucial for maintaining the integrity and reliability of the Linux operating system.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 78a4adcd3fedb0728436e8094848ebf4c6bae006

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0bf04c874fcb1ae46a863034296e4b33d8fbd66c

References

https://git.kernel.org/stable/c/78a4adcd3fedb0728436e8094...

https://git.kernel.org/stable/c/f054ea62598197714a6ca7b3b...

https://git.kernel.org/stable/c/0bf04c874fcb1ae46a8630342...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Apr 16, 2025