CVE-2025-38264 – NVIDIA nvme-tcp Request List Injection Vulnerability

CVE ID : CVE-2025-38264

Published : July 9, 2025, 11:15 a.m. | 49 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

nvme-tcp: sanitize request list handling

Validate the request in nvme_tcp_handle_r2t() to ensure it’s not part of
any list, otherwise a malicious R2T PDU might inject a loop in request
list processing.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…