CVE-2025-21927

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-21927

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21927.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-21927

Downstream

BELL-CVE-2025-21927

DEBIAN-CVE-2025-21927

ECHO-211c-7c37-ee75

MINI-829w-8gj5-5fv8

OESA-2025-1446

OESA-2025-1450

OESA-2025-1727

OESA-2025-1728

RHSA-2025:4339

RHSA-2025:4340

RHSA-2025:4341

RHSA-2025:4469

RHSA-2025:4471

RHSA-2025:4496

RHSA-2025:4497

RHSA-2025:4498

RHSA-2025:4499

RHSA-2025:4509

RHSA-2025:7423

RHSA-2025:7501

RLSA-2025:4341

SUSE-SU-2025:01600-1

SUSE-SU-2025:01707-1

SUSE-SU-2025:01919-1

SUSE-SU-2025:01951-1

SUSE-SU-2025:01964-1

SUSE-SU-2025:01967-1

UBUNTU-CVE-2025-21927

USN-7605-1

USN-7605-2

USN-7606-1

USN-7628-1

USN-7764-1

USN-7764-2

USN-7765-1

USN-7766-1

USN-7767-1

USN-7767-2

USN-7779-1

USN-7790-1

USN-7800-1

USN-7801-1

USN-7801-2

USN-7802-1

Related

Published

2025-04-01T16:15:23Z

Modified

2025-10-01T20:18:33Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

nvme-tcp: fix potential memory corruption in nvmetcprecv_pdu()

nvmetcprecvpdu() doesn't check the validity of the header length. When header digests are enabled, a target might send a packet with an invalid header length (e.g. 255), causing nvmetcpverifyhdgst() to access memory outside the allocated area and cause memory corruptions by overwriting it with the calculated digest.

Fix this by rejecting packets with an unexpected header length.

References

Affected packages