We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-38264

nvme-tcp: sanitize request list handling



Description

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing.

Reserved 2025-04-16 | Published 2025-07-09 | Updated 2025-07-11 | Assigner Linux

Product status

Default status
unaffected

3f2304f8c6d6ed97849057bd16fee99e434ca796 before 78a4adcd3fedb0728436e8094848ebf4c6bae006
affected

3f2304f8c6d6ed97849057bd16fee99e434ca796 before f054ea62598197714a6ca7b3b387a027308f8b13
affected

3f2304f8c6d6ed97849057bd16fee99e434ca796 before 0bf04c874fcb1ae46a863034296e4b33d8fbd66c
affected

Default status
affected

5.0
affected

Any version before 5.0
unaffected

6.12.36
unaffected

6.15.5
unaffected

6.16-rc1
unaffected

References

git.kernel.org/...c/78a4adcd3fedb0728436e8094848ebf4c6bae006

git.kernel.org/...c/f054ea62598197714a6ca7b3b387a027308f8b13

git.kernel.org/...c/0bf04c874fcb1ae46a863034296e4b33d8fbd66c

cve.org (CVE-2025-38264)

nvd.nist.gov (CVE-2025-38264)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-38264

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.