Double Completion Vulnerability in Linux Kernel NVMe PCI EPF
CVE-2025-38658
What is CVE-2025-38658?
A vulnerability exists in the Linux kernel's NVMe PCI EPF subsystem that can lead to a command being completed twice when nvmet_req_init() fails. This happens when the host sends an unsupported opcode: nvmet_req_init() fails and internally calls __nvmet_req_complete() to complete the request itself. As a result, both nvmet_pci_epf_queue_response() and nvmet_pci_epf_exec_iod_work() run the completion callback, so two completions are sent to the host for the same command, potentially corrupting the state of the PCI NVMe target and ultimately causing a kernel oops. The fix ensures that failures of both nvmet_req_init() and req->execute() are handled correctly without causing double completions.
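The complete-once invariant at the heart of this bug, as an added example that is a constructed model and not the kernel's own code: req_init() stands in for nvmet_req_init() (it completes the request itself on an unsupported opcode), and the vulnerable and hardened callers show the difference between completing again after a failed init and returning early. The opcode values and function names are placeholders chosen for the example.

```c
#include <stdbool.h>
/* Constructed model of the bug pattern, not kernel code; opcodes are placeholders. */
enum { OPC_READ = 0x02, OPC_UNSUPPORTED = 0xff };

struct req {
    unsigned char opcode;
    int completions;   /* times the completion callback has run */
};

/* Completion callback. In the real target this posts a CQ entry to the host,
 * so running it twice for one command corrupts the target's queue state. */
static void complete_req(struct req *r)
{
    r->completions++;
}

/* Stands in for nvmet_req_init(): on an unsupported opcode it completes the
 * request itself (as __nvmet_req_complete() does) and reports failure. */
static bool req_init(struct req *r)
{
    if (r->opcode != OPC_READ) {
        complete_req(r);   /* error completion; the command is now done */
        return false;
    }
    return true;
}

/* Vulnerable shape: the caller treats init failure as "complete it here". */
static int exec_iod_vulnerable(struct req *r)
{
    if (!req_init(r))
        complete_req(r);   /* second completion of the same command */
    else
        complete_req(r);   /* normal completion after execution */
    return r->completions;
}

/* Hardened shape: a failed init means the command is already complete. */
static int exec_iod_fixed(struct req *r)
{
    if (!req_init(r))
        return r->completions;   /* already completed inside req_init() */
    complete_req(r);             /* normal completion after execution */
    return r->completions;
}

/* Runs one command through a handler; returns how many times it completed. */
static int run_opcode(int (*handler)(struct req *), unsigned char opcode)
{
    struct req r = { .opcode = opcode, .completions = 0 };
    return handler(&r);
}
```

A completion count of 2 for the unsupported opcode is exactly the double completion the advisory describes; the hardened caller keeps it at 1.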
Affected Version(s)
Linux 0faa0fe6f90ea59b10d1b0f15ce0eb0c18eff186
Linux 0faa0fe6f90ea59b10d1b0f15ce0eb0c18eff186 < 746d0ac5a07d5da952ef258dd4d75f0b26c96476
Linux 6.14