SB2025062040 - NULL pointer dereference in Linux kernel nvme target driver
Published: June 20, 2025
Security Bulletin ID
SB2025062040
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_restore_socket_callbacks() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/17e58be5b49f58bf17799a504f55c2d05ab2ecdc
- https://git.kernel.org/stable/c/3a982ada411b8c52695f1784c3f4784771f30209
- https://git.kernel.org/stable/c/46d22b47df2741996af277a2838b95f130436c13
- https://git.kernel.org/stable/c/6265538446e2426f4bf3b57e91d7680b2047ddd9
- https://git.kernel.org/stable/c/a21cb31642ffc84ca4ce55028212a96f72f54d30
- https://git.kernel.org/stable/c/c240375587ddcc80e1022f52ee32b946bbc3a639
- https://git.kernel.org/stable/c/ec462449f4cf616b0aa2ed119f5f44b5fdfcefab
- https://git.kernel.org/stable/c/fc01b547c3f8bfa6e1d23cd5a2c63c736e8c3e4e