Out-of-bounds Stack Access Vulnerability in Linux Kernel by The Linux Foundation
CVE-2025-39778

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 18 April 2025

Summary

A vulnerability exists in the Linux kernel's nvmet_ctrl_state_show() function, where the iteration code runs past the end of the csts_state_names[] array, leading to a potential out-of-bounds stack read. This flaw can cause unexpected behavior in the kernel, including objtool warnings about an unexpected end of section, and may impact system stability and security.
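
A userspace C model of the bug class described above, added here as an example and not taken from the kernel source: a hard-coded loop bound that outruns a sparse name table, next to the hardened loop whose bound comes from ARRAY_SIZE(). The table contents, the bound of 7, and the names state_names, oob_iterations and render_states are assumptions made for this model.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sparse table standing in for csts_state_names[]; the names and
 * indices are assumptions. Six slots (0..5); slots 2 and 3 are NULL holes. */
static const char *const state_names[] = {
    [0] = "ready", [1] = "fatal", [4] = "reset", [5] = "paused",
};

/* How many iterations of a hard-coded loop bound would index past the
 * table. Computed, so the out-of-bounds read itself is never performed. */
static size_t oob_iterations(size_t hardcoded_bound)
{
    size_t len = ARRAY_SIZE(state_names);
    return hardcoded_bound > len ? hardcoded_bound - len : 0;
}

/* Hardened form: the loop bound comes from the table itself. Returns the
 * number of states written to out, or -1 if out is too small. */
static int render_states(unsigned int flags, char *out, size_t outlen)
{
    size_t used = 0;
    int shown = 0, n;
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < ARRAY_SIZE(state_names); i++) {
        const char *sep = shown ? "|" : "";
        if (!(flags & (1u << i)))
            continue;
        if (state_names[i])
            n = snprintf(out + used, outlen - used, "%s%s", sep, state_names[i]);
        else /* hole in the sparse table: print the bit value instead */
            n = snprintf(out + used, outlen - used, "%s%u", sep, 1u << i);
        if (n < 0 || (size_t)n >= outlen - used)
            return -1;
        used += (size_t)n;
        shown++;
    }
    return shown;
}

int main(void)
{
    char buf[64];
    int n = render_states(0x17u, buf, sizeof(buf));
    printf("overrun=%zu states=%d %s\n", oob_iterations(7), n, n < 0 ? "" : buf);
    return 0;
}
```

Building the model with -fsanitize=address,undefined and temporarily swapping the ARRAY_SIZE() bound for a literal larger than the table makes the sanitizer report the out-of-bounds index.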

Affected Version(s)

Linux 649fd41420a816b11b07423ebf4dbd4ac1ac2905 < 1adc93a525fdee8e2b311e6d5fd93eb69714ca05

Linux 649fd41420a816b11b07423ebf4dbd4ac1ac2905 < 8fbf37a3577b4d64c150cafde338eee17b2f2ea4

Linux 649fd41420a816b11b07423ebf4dbd4ac1ac2905 < 0cc0efc58d6c741b2868d4af24874d7fec28a575

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
