Description

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no transport configured yet, nvmet_enable_port() uses NVMF_TRTYPE_MAX (255) to query the transports array, causing an out-of-bounds access: [ 106.058694] BUG: KASAN: global-out-of-bounds in nvmet_enable_port+0x42/0x1da [ 106.058719] Read of size 8 at addr ffffffff89dafa58 by task ln/632 [...] [ 106.076026] nvmet: transport type 255 not supported Since commit 200adac75888, NVMF_TRTYPE_MAX is the default state as configured by nvmet_ports_make(). Avoid this by checking for NVMF_TRTYPE_MAX before proceeding.

INFO

Published Date :

2025-05-08T06:26:18.094Z

Last Modified :

2025-05-26T05:21:41.660Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-37825 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-37825.

URL Resource
https://git.kernel.org/stable/c/3d7aa0c7b4e96cd460826d932e44710cdeb3378b cve-icon cve-icon
https://git.kernel.org/stable/c/83c00860a37b3fcba8026cb344101f1b8af547cf cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025050822-CVE-2025-37825-547b@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-37825 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-37825 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact