PT-2025-14308 · Linux+9 · Linux Kernel+9
Published
2025-04-01
·
Updated
2026-05-26
·
CVE-2025-21927
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A potential memory corruption issue has been identified in the Linux kernel, specifically in the nvme-tcp module. The
nvme tcp recv pdu() function does not validate the header length, which can lead to memory corruption when header digests are enabled. If a target sends a packet with an invalid header length, the nvme tcp verify hdgst() function may access memory outside the allocated area, causing memory corruption by overwriting it with the calculated digest.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Memory Corruption
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu