Description

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header length. When header digests are enabled, a target might send a packet with an invalid header length (e.g. 255), causing nvme_tcp_verify_hdgst() to access memory outside the allocated area and cause memory corruptions by overwriting it with the calculated digest. Fix this by rejecting packets with an unexpected header length.

INFO

Published Date :

2025-04-01T15:40:58.432Z

Last Modified :

2025-10-01T19:26:33.723Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-21927 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
  • Rhel E4s
  • Rhel Eus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21927.

URL Resource
https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126 cve-icon cve-icon
https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722 cve-icon cve-icon
https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025040133-CVE-2025-21927-36d6@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21927 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21927 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact