CVE-2025-21927 Information

Description

In the Linux kernel the following vulnerability has been resolved:

nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

nvme_tcp_recv_pdu() doesn’t check the validity of the header length. When header digests are enabled a target might send a packet with an invalid header length (e.g. 255) causing nvme_tcp_verify_hdgst() to access memory outside the allocated area and cause memory corruptions by overwriting it with the calculated digest.

Fix this by rejecting packets with an unexpected header length.

Reference

https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126 https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722 https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064