CVE-2025-21927

Published: Apr 1, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header length. When header digests are enabled, a target might send a packet with an invalid header length (e.g. 255), causing nvme_tcp_verify_hdgst() to access memory outside the allocated area and cause memory corruptions by overwriting it with the calculated digest. Fix this by rejecting packets with an unexpected header length.

Vendor	Product	Versions
Linux	Linux	affected `3f2304f8c6d6ed97849057bd16fee99e434ca796 - < 9fbc953d6b38bc824392e01850f0aeee3b348722` affected `3f2304f8c6d6ed97849057bd16fee99e434ca796 - < 22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126` affected `3f2304f8c6d6ed97849057bd16fee99e434ca796 - < ad95bab0cd28ed77c2c0d0b6e76e03e031391064`
Linux	Linux	affected `5.0` unaffected `0 - < 5.0` unaffected `6.12.19 - <= 6.12.` unaffected `6.13.7 - <= 6.13.` unaffected `6.14 - <= *`

References

https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722

https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126

https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-21927

Description

Affected Products

References