2356593 – (CVE-2025-21927) CVE-2025-21927 kernel: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

Bug 2356593 (CVE-2025-21927) - CVE-2025-21927 kernel: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

Summary: CVE-2025-21927 kernel: nvme-tcp: fix potential memory corruption in nvme_tcp_...

Keywords:
Status:	NEW
Alias:	CVE-2025-21927
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-04-01 16:01 UTC by OSIDB Bzimport
Modified:	2025-05-30 16:34 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2025:4470	None	None	None	2025-05-05 18:23:12 UTC
Red Hat Product Errata	RHSA-2025:4339	None	None	None	2025-04-30 00:38:02 UTC
Red Hat Product Errata	RHSA-2025:4340	None	None	None	2025-04-30 00:19:54 UTC
Red Hat Product Errata	RHSA-2025:4341	None	None	None	2025-04-30 01:02:04 UTC
Red Hat Product Errata	RHSA-2025:4469	None	None	None	2025-05-05 17:56:54 UTC
Red Hat Product Errata	RHSA-2025:4471	None	None	None	2025-05-05 18:09:48 UTC
Red Hat Product Errata	RHSA-2025:4496	None	None	None	2025-05-06 00:49:47 UTC
Red Hat Product Errata	RHSA-2025:4497	None	None	None	2025-05-06 00:51:04 UTC
Red Hat Product Errata	RHSA-2025:4498	None	None	None	2025-05-06 00:48:26 UTC
Red Hat Product Errata	RHSA-2025:4499	None	None	None	2025-05-06 01:04:02 UTC
Red Hat Product Errata	RHSA-2025:4509	None	None	None	2025-05-06 07:08:08 UTC
Red Hat Product Errata	RHSA-2025:7423	None	None	None	2025-05-13 11:55:19 UTC
Red Hat Product Errata	RHSA-2025:7501	None	None	None	2025-05-13 16:00:00 UTC

Description OSIDB Bzimport 2025-04-01 16:01:32 UTC

In the Linux kernel, the following vulnerability has been resolved:

nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

nvme_tcp_recv_pdu() doesn't check the validity of the header length.
When header digests are enabled, a target might send a packet with an
invalid header length (e.g. 255), causing nvme_tcp_verify_hdgst()
to access memory outside the allocated area and cause memory corruptions
by overwriting it with the calculated digest.

Fix this by rejecting packets with an unexpected header length.

Comment 1 Robb Gatica 2025-04-02 05:15:21 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025040133-CVE-2025-21927-36d6@gregkh/T

Comment 2 errata-xmlrpc 2025-04-30 00:19:52 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:4340 https://access.redhat.com/errata/RHSA-2025:4340

Comment 3 errata-xmlrpc 2025-04-30 00:38:01 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:4339 https://access.redhat.com/errata/RHSA-2025:4339

Comment 4 errata-xmlrpc 2025-04-30 01:02:02 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:4341 https://access.redhat.com/errata/RHSA-2025:4341

Comment 5 aruffin@redhat.com 2025-04-30 14:55:20 UTC

Hello,

https://access.redhat.com/errata/RHSA-2025:4339 is giving a 404 error when I visit it.  Is the URL correct?

Comment 6 aruffin@redhat.com 2025-05-05 17:35:46 UTC

Disregard, the link loads fine now

Comment 7 errata-xmlrpc 2025-05-05 17:56:52 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:4469 https://access.redhat.com/errata/RHSA-2025:4469

Comment 8 errata-xmlrpc 2025-05-05 18:09:46 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:4471 https://access.redhat.com/errata/RHSA-2025:4471

Comment 9 errata-xmlrpc 2025-05-06 00:48:24 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:4498 https://access.redhat.com/errata/RHSA-2025:4498

Comment 10 errata-xmlrpc 2025-05-06 00:49:46 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:4496 https://access.redhat.com/errata/RHSA-2025:4496

Comment 11 errata-xmlrpc 2025-05-06 00:51:02 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:4497 https://access.redhat.com/errata/RHSA-2025:4497

Comment 12 errata-xmlrpc 2025-05-06 01:04:00 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:4499 https://access.redhat.com/errata/RHSA-2025:4499

Comment 13 errata-xmlrpc 2025-05-06 07:08:06 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:4509 https://access.redhat.com/errata/RHSA-2025:4509

Comment 15 errata-xmlrpc 2025-05-13 11:55:18 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7423 https://access.redhat.com/errata/RHSA-2025:7423

Comment 16 errata-xmlrpc 2025-05-13 15:59:59 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:7501 https://access.redhat.com/errata/RHSA-2025:7501

Note You need to log in before you can comment on or make changes to this bug.