Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-21927

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header length. When header digests are enabled, a target might send a packet with an invalid header length (e.g. 255), causing nvme_tcp_verify_hdgst() to access memory outside the allocated area and cause memory corruptions by overwriting it with the calculated digest. Fix this by rejecting packets with an unexpected header length.

Published

2025-04-01T16:15:23.470

Last Modified

2025-10-01T20:18:33.740

Status

Modified

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
CWE-787
Type: Secondary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 6.12.19	Yes
Operating System	linux	linux_kernel	< 6.13.7	Yes
Operating System	linux	linux_kernel	6.14	Yes
Operating System	linux	linux_kernel	6.14	Yes
Operating System	linux	linux_kernel	6.14	Yes
Operating System	linux	linux_kernel	6.14	Yes
Operating System	linux	linux_kernel	6.14	Yes

References

https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)