Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-38658 (GCVE-0-2025-38658)
Vulnerability from cvelistv5
Published
2025-08-22 16:01
Modified
2025-09-29 05:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails
Have nvmet_req_init() and req->execute() complete failed commands.
Description of the problem:
nvmet_req_init() calls __nvmet_req_complete() internally upon failure,
e.g., unsupported opcode, which calls the "queue_response" callback,
this results in nvmet_pci_epf_queue_response() being called, which will
call nvmet_pci_epf_complete_iod() if data_len is 0 or if dma_dir is
different from DMA_TO_DEVICE. This results in a double completion as
nvmet_pci_epf_exec_iod_work() also calls nvmet_pci_epf_complete_iod()
when nvmet_req_init() fails.
Steps to reproduce:
On the host send a command with an unsupported opcode with nvme-cli,
For example the admin command "security receive"
$ sudo nvme security-recv /dev/nvme0n1 -n1 -x4096
This triggers a double completion as nvmet_req_init() fails and
nvmet_pci_epf_queue_response() is called, here iod->dma_dir is still
in the default state of "DMA_NONE" as set by default in
nvmet_pci_epf_alloc_iod(), so nvmet_pci_epf_complete_iod() is called.
Because nvmet_req_init() failed nvmet_pci_epf_complete_iod() is also
called in nvmet_pci_epf_exec_iod_work() leading to a double completion.
This not only sends two completions to the host but also corrupts the
state of the PCI NVMe target leading to kernel oops.
This patch lets nvmet_req_init() and req->execute() complete all failed
commands, and removes the double completion case in
nvmet_pci_epf_exec_iod_work() therefore fixing the edge cases where
double completions occurred.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/pci-epf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a535c0b10060bc8c174a7964b0f98064ee0c4774",
"status": "affected",
"version": "0faa0fe6f90ea59b10d1b0f15ce0eb0c18eff186",
"versionType": "git"
},
{
"lessThan": "746d0ac5a07d5da952ef258dd4d75f0b26c96476",
"status": "affected",
"version": "0faa0fe6f90ea59b10d1b0f15ce0eb0c18eff186",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/pci-epf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.14"
},
{
"lessThan": "6.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.1",
"versionStartIncluding": "6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails\n\nHave nvmet_req_init() and req-\u003eexecute() complete failed commands.\n\nDescription of the problem:\nnvmet_req_init() calls __nvmet_req_complete() internally upon failure,\ne.g., unsupported opcode, which calls the \"queue_response\" callback,\nthis results in nvmet_pci_epf_queue_response() being called, which will\ncall nvmet_pci_epf_complete_iod() if data_len is 0 or if dma_dir is\ndifferent from DMA_TO_DEVICE. This results in a double completion as\nnvmet_pci_epf_exec_iod_work() also calls nvmet_pci_epf_complete_iod()\nwhen nvmet_req_init() fails.\n\nSteps to reproduce:\nOn the host send a command with an unsupported opcode with nvme-cli,\nFor example the admin command \"security receive\"\n$ sudo nvme security-recv /dev/nvme0n1 -n1 -x4096\n\nThis triggers a double completion as nvmet_req_init() fails and\nnvmet_pci_epf_queue_response() is called, here iod-\u003edma_dir is still\nin the default state of \"DMA_NONE\" as set by default in\nnvmet_pci_epf_alloc_iod(), so nvmet_pci_epf_complete_iod() is called.\nBecause nvmet_req_init() failed nvmet_pci_epf_complete_iod() is also\ncalled in nvmet_pci_epf_exec_iod_work() leading to a double completion.\nThis not only sends two completions to the host but also corrupts the\nstate of the PCI NVMe target leading to kernel oops.\n\nThis patch lets nvmet_req_init() and req-\u003eexecute() complete all failed\ncommands, and removes the double completion case in\nnvmet_pci_epf_exec_iod_work() therefore fixing the edge cases where\ndouble completions occurred."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T05:55:39.448Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a535c0b10060bc8c174a7964b0f98064ee0c4774"
},
{
"url": "https://git.kernel.org/stable/c/746d0ac5a07d5da952ef258dd4d75f0b26c96476"
}
],
"title": "nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38658",
"datePublished": "2025-08-22T16:01:01.651Z",
"dateReserved": "2025-04-16T04:51:24.031Z",
"dateUpdated": "2025-09-29T05:55:39.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-38658\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-22T16:15:40.907\",\"lastModified\":\"2025-08-22T18:08:51.663\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails\\n\\nHave nvmet_req_init() and req-\u003eexecute() complete failed commands.\\n\\nDescription of the problem:\\nnvmet_req_init() calls __nvmet_req_complete() internally upon failure,\\ne.g., unsupported opcode, which calls the \\\"queue_response\\\" callback,\\nthis results in nvmet_pci_epf_queue_response() being called, which will\\ncall nvmet_pci_epf_complete_iod() if data_len is 0 or if dma_dir is\\ndifferent from DMA_TO_DEVICE. This results in a double completion as\\nnvmet_pci_epf_exec_iod_work() also calls nvmet_pci_epf_complete_iod()\\nwhen nvmet_req_init() fails.\\n\\nSteps to reproduce:\\nOn the host send a command with an unsupported opcode with nvme-cli,\\nFor example the admin command \\\"security receive\\\"\\n$ sudo nvme security-recv /dev/nvme0n1 -n1 -x4096\\n\\nThis triggers a double completion as nvmet_req_init() fails and\\nnvmet_pci_epf_queue_response() is called, here iod-\u003edma_dir is still\\nin the default state of \\\"DMA_NONE\\\" as set by default in\\nnvmet_pci_epf_alloc_iod(), so nvmet_pci_epf_complete_iod() is called.\\nBecause nvmet_req_init() failed nvmet_pci_epf_complete_iod() is also\\ncalled in nvmet_pci_epf_exec_iod_work() leading to a double completion.\\nThis not only sends two completions to the host but also corrupts the\\nstate of the PCI NVMe target leading to kernel oops.\\n\\nThis patch lets nvmet_req_init() and req-\u003eexecute() complete all failed\\ncommands, and removes the double completion case in\\nnvmet_pci_epf_exec_iod_work() therefore fixing the edge cases where\\ndouble completions occurred.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/746d0ac5a07d5da952ef258dd4d75f0b26c96476\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a535c0b10060bc8c174a7964b0f98064ee0c4774\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
wid-sec-w-2025-1898
Vulnerability from csaf_certbund
Published
2025-08-24 22:00
Modified
2025-10-30 23:00
Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder andere nicht spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder andere nicht spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1898 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1898.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1898 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1898"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-58239",
"url": "https://lore.kernel.org/linux-cve-announce/2025082210-CVE-2024-58239-dd4f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38616",
"url": "https://lore.kernel.org/linux-cve-announce/2025082212-CVE-2025-38616-64a8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38617",
"url": "https://lore.kernel.org/linux-cve-announce/2025082213-CVE-2025-38617-1e47@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38618",
"url": "https://lore.kernel.org/linux-cve-announce/2025082213-CVE-2025-38618-1f1a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38619",
"url": "https://lore.kernel.org/linux-cve-announce/2025082227-CVE-2025-38619-089c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38620",
"url": "https://lore.kernel.org/linux-cve-announce/2025082229-CVE-2025-38620-1dc9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38621",
"url": "https://lore.kernel.org/linux-cve-announce/2025082229-CVE-2025-38621-763f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38622",
"url": "https://lore.kernel.org/linux-cve-announce/2025082230-CVE-2025-38622-035a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38623",
"url": "https://lore.kernel.org/linux-cve-announce/2025082230-CVE-2025-38623-1996@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38624",
"url": "https://lore.kernel.org/linux-cve-announce/2025082230-CVE-2025-38624-81fa@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38625",
"url": "https://lore.kernel.org/linux-cve-announce/2025082230-CVE-2025-38625-9903@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38626",
"url": "https://lore.kernel.org/linux-cve-announce/2025082231-CVE-2025-38626-1e63@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38627",
"url": "https://lore.kernel.org/linux-cve-announce/2025082231-CVE-2025-38627-7cb6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38628",
"url": "https://lore.kernel.org/linux-cve-announce/2025082231-CVE-2025-38628-27f4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38629",
"url": "https://lore.kernel.org/linux-cve-announce/2025082231-CVE-2025-38629-4f55@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38630",
"url": "https://lore.kernel.org/linux-cve-announce/2025082232-CVE-2025-38630-e14a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38631",
"url": "https://lore.kernel.org/linux-cve-announce/2025082232-CVE-2025-38631-5649@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38632",
"url": "https://lore.kernel.org/linux-cve-announce/2025082232-CVE-2025-38632-70e1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38633",
"url": "https://lore.kernel.org/linux-cve-announce/2025082232-CVE-2025-38633-3b1d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38634",
"url": "https://lore.kernel.org/linux-cve-announce/2025082233-CVE-2025-38634-d884@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38635",
"url": "https://lore.kernel.org/linux-cve-announce/2025082233-CVE-2025-38635-aa1c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38636",
"url": "https://lore.kernel.org/linux-cve-announce/2025082233-CVE-2025-38636-0ce2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38638",
"url": "https://lore.kernel.org/linux-cve-announce/2025082234-CVE-2025-38638-caad@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38639",
"url": "https://lore.kernel.org/linux-cve-announce/2025082234-CVE-2025-38639-f972@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38640",
"url": "https://lore.kernel.org/linux-cve-announce/2025082234-CVE-2025-38640-e7a9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38641",
"url": "https://lore.kernel.org/linux-cve-announce/2025082234-CVE-2025-38641-21d7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38642",
"url": "https://lore.kernel.org/linux-cve-announce/2025082235-CVE-2025-38642-18af@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38643",
"url": "https://lore.kernel.org/linux-cve-announce/2025082235-CVE-2025-38643-a281@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38644",
"url": "https://lore.kernel.org/linux-cve-announce/2025082235-CVE-2025-38644-39b4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38645",
"url": "https://lore.kernel.org/linux-cve-announce/2025082235-CVE-2025-38645-8e50@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38646",
"url": "https://lore.kernel.org/linux-cve-announce/2025082236-CVE-2025-38646-9862@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38647",
"url": "https://lore.kernel.org/linux-cve-announce/2025082236-CVE-2025-38647-af0d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38648",
"url": "https://lore.kernel.org/linux-cve-announce/2025082236-CVE-2025-38648-adcc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38649",
"url": "https://lore.kernel.org/linux-cve-announce/2025082236-CVE-2025-38649-9023@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38650",
"url": "https://lore.kernel.org/linux-cve-announce/2025082237-CVE-2025-38650-48d6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38651",
"url": "https://lore.kernel.org/linux-cve-announce/2025082237-CVE-2025-38651-6940@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38652",
"url": "https://lore.kernel.org/linux-cve-announce/2025082237-CVE-2025-38652-1f5b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38653",
"url": "https://lore.kernel.org/linux-cve-announce/2025082238-CVE-2025-38653-35ba@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38654",
"url": "https://lore.kernel.org/linux-cve-announce/2025082238-CVE-2025-38654-20b7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38655",
"url": "https://lore.kernel.org/linux-cve-announce/2025082238-CVE-2025-38655-7456@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38656",
"url": "https://lore.kernel.org/linux-cve-announce/2025082238-CVE-2025-38656-32f1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38657",
"url": "https://lore.kernel.org/linux-cve-announce/2025082239-CVE-2025-38657-87b3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38658",
"url": "https://lore.kernel.org/linux-cve-announce/2025082239-CVE-2025-38658-2dd0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38659",
"url": "https://lore.kernel.org/linux-cve-announce/2025082239-CVE-2025-38659-de59@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38660",
"url": "https://lore.kernel.org/linux-cve-announce/2025082239-CVE-2025-38660-19fa@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38661",
"url": "https://lore.kernel.org/linux-cve-announce/2025082258-CVE-2025-38661-5d3c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38662",
"url": "https://lore.kernel.org/linux-cve-announce/2025082259-CVE-2025-38662-a8c5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38663",
"url": "https://lore.kernel.org/linux-cve-announce/2025082259-CVE-2025-38663-b1e8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38664",
"url": "https://lore.kernel.org/linux-cve-announce/2025082259-CVE-2025-38664-c428@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38665",
"url": "https://lore.kernel.org/linux-cve-announce/2025082259-CVE-2025-38665-29e2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38666",
"url": "https://lore.kernel.org/linux-cve-announce/2025082200-CVE-2025-38666-3167@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38667",
"url": "https://lore.kernel.org/linux-cve-announce/2025082200-CVE-2025-38667-c8e5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38668",
"url": "https://lore.kernel.org/linux-cve-announce/2025082200-CVE-2025-38668-ea82@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38669",
"url": "https://lore.kernel.org/linux-cve-announce/2025082201-CVE-2025-38669-d1f0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38670",
"url": "https://lore.kernel.org/linux-cve-announce/2025082201-CVE-2025-38670-0dcc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38671",
"url": "https://lore.kernel.org/linux-cve-announce/2025082201-CVE-2025-38671-80a3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38672",
"url": "https://lore.kernel.org/linux-cve-announce/2025082201-CVE-2025-38672-f53c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38673",
"url": "https://lore.kernel.org/linux-cve-announce/2025082202-CVE-2025-38673-80b9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38674",
"url": "https://lore.kernel.org/linux-cve-announce/2025082202-CVE-2025-38674-58f1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38675",
"url": "https://lore.kernel.org/linux-cve-announce/2025082205-CVE-2025-38675-5eac@gregkh/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15533-1 vom 2025-09-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C3CWBYMMMMQP5D2JJRXS2HCPPVBKD7G5/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20653-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022432.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20669-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022482.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03204-1 vom 2025-09-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022522.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2025-109 vom 2025-09-16",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2025-109.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2025-104 vom 2025-09-16",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2025-104.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03272-1 vom 2025-09-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022589.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03283-1 vom 2025-09-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022596.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03290-1 vom 2025-09-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022602.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6009 vom 2025-09-23",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00173.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20608 vom 2025-09-23",
"url": "https://linux.oracle.com/errata/ELSA-2025-20608.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20609 vom 2025-09-23",
"url": "https://linux.oracle.com/errata/ELSA-2025-20609.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03314-1 vom 2025-09-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022615.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03310-1 vom 2025-09-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022610.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03301-1 vom 2025-09-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022605.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20632 vom 2025-09-25",
"url": "https://linux.oracle.com/errata/ELSA-2025-20632.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03344-1 vom 2025-09-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GKXOSPRZJUZDU6VCQLCJK56ZS5CAS3IE/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03383-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022724.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03382-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022721.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20756-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022703.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03384-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022723.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20739-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022711.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2025-105 vom 2025-09-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2025-105.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.15-2025-091 vom 2025-09-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2025-091.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20645 vom 2025-09-30",
"url": "http://linux.oracle.com/errata/ELSA-2025-20645.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2025-110 vom 2025-09-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2025-110.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3013 vom 2025-09-29",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3013.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7793-1 vom 2025-10-01",
"url": "https://ubuntu.com/security/notices/USN-7793-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7792-1 vom 2025-10-01",
"url": "https://ubuntu.com/security/notices/USN-7792-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7791-1 vom 2025-10-01",
"url": "https://ubuntu.com/security/notices/USN-7791-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7796-1 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7796-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7795-1 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7795-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7791-2 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7791-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7797-1 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7797-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7795-2 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7796-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7796-3 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7796-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7797-2 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7797-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7801-1 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7801-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7793-2 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7793-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7792-2 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7792-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7793-4 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7793-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7795-2 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7795-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7793-3 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7793-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7800-1 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7800-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7799-1 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7799-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7801-2 vom 2025-10-06",
"url": "https://ubuntu.com/security/notices/USN-7801-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7791-3 vom 2025-10-06",
"url": "https://ubuntu.com/security/notices/USN-7791-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7792-3 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7792-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7809-1 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7809-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7793-5 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7793-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7808-1 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7808-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7810-1 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7810-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7811-1 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7811-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7795-3 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7795-3"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4327 vom 2025-10-13",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4328 vom 2025-10-13",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20663 vom 2025-10-13",
"url": "https://linux.oracle.com/errata/ELSA-2025-20663.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7796-4 vom 2025-10-13",
"url": "https://ubuntu.com/security/notices/USN-7796-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7819-1 vom 2025-10-13",
"url": "https://ubuntu.com/security/notices/USN-7819-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7820-1 vom 2025-10-13",
"url": "https://ubuntu.com/security/notices/USN-7820-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7808-2 vom 2025-10-14",
"url": "https://ubuntu.com/security/notices/USN-7808-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7821-1 vom 2025-10-14",
"url": "https://ubuntu.com/security/notices/USN-7821-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7810-3 vom 2025-10-14",
"url": "https://ubuntu.com/security/notices/USN-7810-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7810-2 vom 2025-10-14",
"url": "https://ubuntu.com/security/notices/USN-7810-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7791-4 vom 2025-10-14",
"url": "https://ubuntu.com/security/notices/USN-7791-4"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20662 vom 2025-10-15",
"url": "https://linux.oracle.com/errata/ELSA-2025-20662.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20716 vom 2025-10-15",
"url": "https://linux.oracle.com/errata/ELSA-2025-20716.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03600-1 vom 2025-10-15",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VHWHH7ZSMFJ6PQZ3CBDGGCWHNBCWD26Z/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03614-1 vom 2025-10-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022911.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03601-1 vom 2025-10-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022903.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03602-1 vom 2025-10-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022908.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03615-1 vom 2025-10-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BVPLWRQN6MVKFQDJSEKN2JP6PMSGIO4Q/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7801-3 vom 2025-10-15",
"url": "https://ubuntu.com/security/notices/USN-7801-3"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03613-1 vom 2025-10-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022915.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03626-1 vom 2025-10-17",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z3DYHRRLY43MYRNEEU5SFR4ZRMSPITED/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03633-1 vom 2025-10-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022926.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03634-1 vom 2025-10-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022925.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03628-1 vom 2025-10-17",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O6BEPQBC4GULLYP5G3VVU4ZS37B7I6EV/"
},
{
"category": "external",
"summary": "Google Cloud Platform Security Bulletin GCP-2025-057 vom 2025-10-17",
"url": "https://cloud.google.com/support/bulletins#gcp-2025-057"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03646-1 vom 2025-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022939.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03664-1 vom 2025-10-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2MTOFMRK3LB5Y4CTKRSRIRDTSJXMBKZB/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03636-1 vom 2025-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022943.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03672-1 vom 2025-10-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBPUS7ADLARNQVEORNQNHAKFYFPWDZPM/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03638-1 vom 2025-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022942.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03663-1 vom 2025-10-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NIBX7WDZXXXRTIUDX7WFS3VGPWD7NNCX/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03671-1 vom 2025-10-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NSB4TMSU4TOG6COW7K5C7QOAGBVGEEO2/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03650-1 vom 2025-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022941.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03666-1 vom 2025-10-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/R2ZDQ56FB6HP3MW5EA7XPTYNW5AUJ3AO/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03662-1 vom 2025-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022934.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03653-1 vom 2025-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022936.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03671-1 vom 2025-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022929.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03656-1 vom 2025-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022935.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03652-1 vom 2025-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022937.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3683-1 vom 2025-10-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XTWL6L2BIOYRPPMWBKKXRSQCWTVL6MBK/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3679-1 vom 2025-10-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZNHGGK5KFH4OCT6BUZCQ23FN6LMQEJ7V/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3675-1 vom 2025-10-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SEX3OIACWJNL3JFTCKTDDY2ZAAD3HXJ5/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3703-1 vom 2025-10-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022953.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3704-1 vom 2025-10-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H42YWEJO27NI2QHNED4NU6MIZAXTRDPY/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7819-2 vom 2025-10-22",
"url": "https://ubuntu.com/security/notices/USN-7819-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3705-1 vom 2025-10-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2C3GDA2UXZMXIQAO2JMJJII7QMPM54ZZ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3716-1 vom 2025-10-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022962.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3712-1 vom 2025-10-22",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FZYWNRYWXLEJETDZ2TBJ7OQN7FAFP4Y6/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3734-1 vom 2025-10-22",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F3TOUYNINXLB53MUMC4YBDKDZIK7DGUF/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3717-1 vom 2025-10-22",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/R6QLOEOUP77I4M7UKXCNO7CMNS47EZCS/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3733-1 vom 2025-10-22",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UN435YQKTHGRJUJEQKONJDZNHE66V4AU/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3721-1 vom 2025-10-22",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2ZXX3UCU5EV627AL7XTBESRPRFGBRMAK/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3731-1 vom 2025-10-22",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L3TCWIIDVGY2LQ4RGEKREUVE35SBN3NV/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3720-1 vom 2025-10-22",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IJV6T7CLOKMCK3F3YMCXRION34XFSSYS/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3742-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/V7WMM33D7UTTQM25T2XCVZHFJKIMM3TO/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3742-1 vom 2025-10-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022975.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3736-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/R47XI57K3GXZNN6FG7VTOGIXG2ZUYHVY/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3740-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZJK5POT6L2HZCZ5WRQBIEXVSB6FWHQGN/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3761-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MLTPAKCOQABZPEY7O35CI42PHK5WNIUQ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3762-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L5PU3QBFUI54V4YM7FX4AIWKDVDLIFMV/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3765-1 vom 2025-10-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022991.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3751-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NMB6RXALFYMRMM4UK7R54RAQRCZJEBH4/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3755-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZFR7CE7W5U4CT7EDERPCHLWSGEIHWJLA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3764-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SP6KY7ONJTFGDWCHVV7CO7D4KUEJ27DA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3748-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BYXC2NBEEGHSFXWCA3DVT5LVZMZ5RRNP/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7795-4 vom 2025-10-24",
"url": "https://ubuntu.com/security/notices/USN-7795-4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3768-1 vom 2025-10-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JX5Y5NWCULMT7SH5C6ZUDMMTVZPLLOJC/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3772-1 vom 2025-10-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022994.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3771-1 vom 2025-10-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022995.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20861-1 vom 2025-10-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023019.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20881-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023049.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20873-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023057.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20886-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023044.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20891-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023039.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20870-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023060.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20882-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023048.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20875-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023055.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20888-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023042.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20884-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023046.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20877-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023053.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20876-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023054.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20883-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023047.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20887-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023043.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20878-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023052.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20879-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023051.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20890-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023040.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20885-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023045.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20874-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023056.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20904-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023111.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-404 vom 2025-10-31",
"url": "https://www.dell.com/support/kbdoc/000385435"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20914-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023101.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7854-1 vom 2025-10-30",
"url": "https://ubuntu.com/security/notices/USN-7854-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3889-1 vom 2025-10-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023122.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3888-1 vom 2025-10-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023123.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20915-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023100.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3886-1 vom 2025-10-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023124.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3880-1 vom 2025-10-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023125.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20903-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023112.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20916-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023099.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20909-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023106.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20902-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023113.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20917-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023098.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20906-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023109.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20907-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023108.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3878-1 vom 2025-10-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023126.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20918-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023097.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20920-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023095.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20905-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023110.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20913-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023102.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20898-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023116.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20912-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023103.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2025-10-30T23:00:00.000+00:00",
"generator": {
"date": "2025-10-31T09:28:27.701+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1898",
"initial_release_date": "2025-08-24T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-24T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-09-09T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-09-10T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-14T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-16T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-09-18T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-21T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-22T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE und Debian aufgenommen"
},
{
"date": "2025-09-23T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-24T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2025-09-28T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-29T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Amazon und Oracle Linux aufgenommen"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-10-05T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-10-06T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-10-07T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-10-12T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-10-13T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Oracle Linux und Ubuntu aufgenommen"
},
{
"date": "2025-10-14T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-10-15T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-10-16T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE und Google aufgenommen"
},
{
"date": "2025-10-20T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-21T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-10-22T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-23T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-26T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-27T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-30T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE, Dell und Ubuntu aufgenommen"
}
],
"status": "final",
"version": "29"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Virtual Edition",
"product": {
"name": "Dell NetWorker Virtual Edition",
"product_id": "T048226",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual_edition"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Google Cloud Platform",
"product": {
"name": "Google Cloud Platform",
"product_id": "393401",
"product_identification_helper": {
"cpe": "cpe:/a:google:cloud_platform:-"
}
}
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T046484",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-58239",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2024-58239"
},
{
"cve": "CVE-2025-38616",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38616"
},
{
"cve": "CVE-2025-38617",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38617"
},
{
"cve": "CVE-2025-38618",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38619",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38619"
},
{
"cve": "CVE-2025-38620",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38620"
},
{
"cve": "CVE-2025-38621",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38621"
},
{
"cve": "CVE-2025-38622",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38622"
},
{
"cve": "CVE-2025-38623",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38623"
},
{
"cve": "CVE-2025-38624",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38624"
},
{
"cve": "CVE-2025-38625",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38625"
},
{
"cve": "CVE-2025-38626",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38626"
},
{
"cve": "CVE-2025-38627",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38627"
},
{
"cve": "CVE-2025-38628",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38628"
},
{
"cve": "CVE-2025-38629",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38629"
},
{
"cve": "CVE-2025-38630",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38630"
},
{
"cve": "CVE-2025-38631",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38631"
},
{
"cve": "CVE-2025-38632",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38632"
},
{
"cve": "CVE-2025-38633",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38633"
},
{
"cve": "CVE-2025-38634",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38634"
},
{
"cve": "CVE-2025-38635",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38635"
},
{
"cve": "CVE-2025-38636",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38636"
},
{
"cve": "CVE-2025-38638",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38638"
},
{
"cve": "CVE-2025-38639",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38639"
},
{
"cve": "CVE-2025-38640",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38640"
},
{
"cve": "CVE-2025-38641",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38641"
},
{
"cve": "CVE-2025-38642",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38642"
},
{
"cve": "CVE-2025-38643",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38643"
},
{
"cve": "CVE-2025-38644",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38644"
},
{
"cve": "CVE-2025-38645",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38645"
},
{
"cve": "CVE-2025-38646",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38646"
},
{
"cve": "CVE-2025-38647",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38647"
},
{
"cve": "CVE-2025-38648",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38648"
},
{
"cve": "CVE-2025-38649",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38649"
},
{
"cve": "CVE-2025-38650",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38650"
},
{
"cve": "CVE-2025-38651",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38651"
},
{
"cve": "CVE-2025-38652",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38652"
},
{
"cve": "CVE-2025-38653",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38653"
},
{
"cve": "CVE-2025-38654",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38654"
},
{
"cve": "CVE-2025-38655",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38655"
},
{
"cve": "CVE-2025-38656",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38656"
},
{
"cve": "CVE-2025-38657",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38657"
},
{
"cve": "CVE-2025-38658",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38658"
},
{
"cve": "CVE-2025-38659",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38659"
},
{
"cve": "CVE-2025-38660",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38660"
},
{
"cve": "CVE-2025-38661",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38661"
},
{
"cve": "CVE-2025-38662",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38662"
},
{
"cve": "CVE-2025-38663",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38663"
},
{
"cve": "CVE-2025-38664",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38664"
},
{
"cve": "CVE-2025-38665",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38665"
},
{
"cve": "CVE-2025-38666",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38666"
},
{
"cve": "CVE-2025-38667",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38667"
},
{
"cve": "CVE-2025-38668",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38668"
},
{
"cve": "CVE-2025-38669",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38669"
},
{
"cve": "CVE-2025-38670",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38670"
},
{
"cve": "CVE-2025-38671",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38671"
},
{
"cve": "CVE-2025-38672",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38672"
},
{
"cve": "CVE-2025-38673",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38673"
},
{
"cve": "CVE-2025-38674",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38674"
},
{
"cve": "CVE-2025-38675",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T000126",
"T027843",
"T046484",
"398363",
"393401",
"T004914",
"T048226",
"T039664"
]
},
"release_date": "2025-08-24T22:00:00.000+00:00",
"title": "CVE-2025-38675"
}
]
}
ghsa-hw95-chc9-4w36
Vulnerability from github
Published
2025-08-22 18:31
Modified
2025-08-22 18:31
VLAI Severity ?
Details
In the Linux kernel, the following vulnerability has been resolved:
nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails
Have nvmet_req_init() and req->execute() complete failed commands.
Description of the problem: nvmet_req_init() calls __nvmet_req_complete() internally upon failure, e.g., unsupported opcode, which calls the "queue_response" callback, this results in nvmet_pci_epf_queue_response() being called, which will call nvmet_pci_epf_complete_iod() if data_len is 0 or if dma_dir is different from DMA_TO_DEVICE. This results in a double completion as nvmet_pci_epf_exec_iod_work() also calls nvmet_pci_epf_complete_iod() when nvmet_req_init() fails.
Steps to reproduce: On the host send a command with an unsupported opcode with nvme-cli, For example the admin command "security receive" $ sudo nvme security-recv /dev/nvme0n1 -n1 -x4096
This triggers a double completion as nvmet_req_init() fails and nvmet_pci_epf_queue_response() is called, here iod->dma_dir is still in the default state of "DMA_NONE" as set by default in nvmet_pci_epf_alloc_iod(), so nvmet_pci_epf_complete_iod() is called. Because nvmet_req_init() failed nvmet_pci_epf_complete_iod() is also called in nvmet_pci_epf_exec_iod_work() leading to a double completion. This not only sends two completions to the host but also corrupts the state of the PCI NVMe target leading to kernel oops.
This patch lets nvmet_req_init() and req->execute() complete all failed commands, and removes the double completion case in nvmet_pci_epf_exec_iod_work() therefore fixing the edge cases where double completions occurred.
{
"affected": [],
"aliases": [
"CVE-2025-38658"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-22T16:15:40Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails\n\nHave nvmet_req_init() and req-\u003eexecute() complete failed commands.\n\nDescription of the problem:\nnvmet_req_init() calls __nvmet_req_complete() internally upon failure,\ne.g., unsupported opcode, which calls the \"queue_response\" callback,\nthis results in nvmet_pci_epf_queue_response() being called, which will\ncall nvmet_pci_epf_complete_iod() if data_len is 0 or if dma_dir is\ndifferent from DMA_TO_DEVICE. This results in a double completion as\nnvmet_pci_epf_exec_iod_work() also calls nvmet_pci_epf_complete_iod()\nwhen nvmet_req_init() fails.\n\nSteps to reproduce:\nOn the host send a command with an unsupported opcode with nvme-cli,\nFor example the admin command \"security receive\"\n$ sudo nvme security-recv /dev/nvme0n1 -n1 -x4096\n\nThis triggers a double completion as nvmet_req_init() fails and\nnvmet_pci_epf_queue_response() is called, here iod-\u003edma_dir is still\nin the default state of \"DMA_NONE\" as set by default in\nnvmet_pci_epf_alloc_iod(), so nvmet_pci_epf_complete_iod() is called.\nBecause nvmet_req_init() failed nvmet_pci_epf_complete_iod() is also\ncalled in nvmet_pci_epf_exec_iod_work() leading to a double completion.\nThis not only sends two completions to the host but also corrupts the\nstate of the PCI NVMe target leading to kernel oops.\n\nThis patch lets nvmet_req_init() and req-\u003eexecute() complete all failed\ncommands, and removes the double completion case in\nnvmet_pci_epf_exec_iod_work() therefore fixing the edge cases where\ndouble completions occurred.",
"id": "GHSA-hw95-chc9-4w36",
"modified": "2025-08-22T18:31:22Z",
"published": "2025-08-22T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38658"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/746d0ac5a07d5da952ef258dd4d75f0b26c96476"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a535c0b10060bc8c174a7964b0f98064ee0c4774"
}
],
"schema_version": "1.4.0",
"severity": []
}
fkie_cve-2025-38658
Vulnerability from fkie_nvd
Published
2025-08-22 16:15
Modified
2025-08-22 18:08
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails
Have nvmet_req_init() and req->execute() complete failed commands.
Description of the problem:
nvmet_req_init() calls __nvmet_req_complete() internally upon failure,
e.g., unsupported opcode, which calls the "queue_response" callback,
this results in nvmet_pci_epf_queue_response() being called, which will
call nvmet_pci_epf_complete_iod() if data_len is 0 or if dma_dir is
different from DMA_TO_DEVICE. This results in a double completion as
nvmet_pci_epf_exec_iod_work() also calls nvmet_pci_epf_complete_iod()
when nvmet_req_init() fails.
Steps to reproduce:
On the host send a command with an unsupported opcode with nvme-cli,
For example the admin command "security receive"
$ sudo nvme security-recv /dev/nvme0n1 -n1 -x4096
This triggers a double completion as nvmet_req_init() fails and
nvmet_pci_epf_queue_response() is called, here iod->dma_dir is still
in the default state of "DMA_NONE" as set by default in
nvmet_pci_epf_alloc_iod(), so nvmet_pci_epf_complete_iod() is called.
Because nvmet_req_init() failed nvmet_pci_epf_complete_iod() is also
called in nvmet_pci_epf_exec_iod_work() leading to a double completion.
This not only sends two completions to the host but also corrupts the
state of the PCI NVMe target leading to kernel oops.
This patch lets nvmet_req_init() and req->execute() complete all failed
commands, and removes the double completion case in
nvmet_pci_epf_exec_iod_work() therefore fixing the edge cases where
double completions occurred.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails\n\nHave nvmet_req_init() and req-\u003eexecute() complete failed commands.\n\nDescription of the problem:\nnvmet_req_init() calls __nvmet_req_complete() internally upon failure,\ne.g., unsupported opcode, which calls the \"queue_response\" callback,\nthis results in nvmet_pci_epf_queue_response() being called, which will\ncall nvmet_pci_epf_complete_iod() if data_len is 0 or if dma_dir is\ndifferent from DMA_TO_DEVICE. This results in a double completion as\nnvmet_pci_epf_exec_iod_work() also calls nvmet_pci_epf_complete_iod()\nwhen nvmet_req_init() fails.\n\nSteps to reproduce:\nOn the host send a command with an unsupported opcode with nvme-cli,\nFor example the admin command \"security receive\"\n$ sudo nvme security-recv /dev/nvme0n1 -n1 -x4096\n\nThis triggers a double completion as nvmet_req_init() fails and\nnvmet_pci_epf_queue_response() is called, here iod-\u003edma_dir is still\nin the default state of \"DMA_NONE\" as set by default in\nnvmet_pci_epf_alloc_iod(), so nvmet_pci_epf_complete_iod() is called.\nBecause nvmet_req_init() failed nvmet_pci_epf_complete_iod() is also\ncalled in nvmet_pci_epf_exec_iod_work() leading to a double completion.\nThis not only sends two completions to the host but also corrupts the\nstate of the PCI NVMe target leading to kernel oops.\n\nThis patch lets nvmet_req_init() and req-\u003eexecute() complete all failed\ncommands, and removes the double completion case in\nnvmet_pci_epf_exec_iod_work() therefore fixing the edge cases where\ndouble completions occurred."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet: pci-epf: No completar comandos dos veces si nvmet_req_init() falla. nvmet_req_init() y req-\u0026gt;execute() completan los comandos fallidos. Descripci\u00f3n del problema: nvmet_req_init() llama internamente a __nvmet_req_complete() en caso de fallo (p. ej., un c\u00f3digo de operaci\u00f3n no compatible, que llama a la devoluci\u00f3n de llamada \"queue_response\"). Esto provoca la llamada a nvmet_pci_epf_queue_response(), que a su vez llama a nvmet_pci_epf_complete_iod() si data_len es 0 o si dma_dir es diferente de DMA_TO_DEVICE. Esto genera una doble finalizaci\u00f3n, ya que nvmet_pci_epf_exec_iod_work() tambi\u00e9n llama a nvmet_pci_epf_complete_iod() cuando falla nvmet_req_init(). Pasos para reproducir: En el host, env\u00ede un comando con un c\u00f3digo de operaci\u00f3n no compatible con nvme-cli. Por ejemplo, el comando de administrador \"security receive\": $ sudo nvme security-recv /dev/nvme0n1 -n1 -x4096. Esto activa una doble finalizaci\u00f3n, ya que nvmet_req_init() falla y se llama a nvmet_pci_epf_queue_response(). En este caso, iod-\u0026gt;dma_dir a\u00fan se encuentra en el estado predeterminado \"DMA_NONE\", tal como se establece por defecto en nvmet_pci_epf_alloc_iod(), por lo que se llama a nvmet_pci_epf_complete_iod(). Debido a que nvmet_req_init() fall\u00f3, nvmet_pci_epf_complete_iod() tambi\u00e9n se llama en nvmet_pci_epf_exec_iod_work(), lo que provoca una doble finalizaci\u00f3n. Esto no solo env\u00eda dos finalizaciones al host, sino que tambi\u00e9n corrompe el estado del destino PCI NVMe, lo que provoca errores del kernel. Este parche permite que nvmet_req_init() y req-\u0026gt;execute() completen todos los comandos fallidos y elimina el caso de doble finalizaci\u00f3n en nvmet_pci_epf_exec_iod_work(), corrigiendo as\u00ed los casos extremos donde se produc\u00edan dobles finalizaciones."
}
],
"id": "CVE-2025-38658",
"lastModified": "2025-08-22T18:08:51.663",
"metrics": {},
"published": "2025-08-22T16:15:40.907",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/746d0ac5a07d5da952ef258dd4d75f0b26c96476"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/a535c0b10060bc8c174a7964b0f98064ee0c4774"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…