Impact
The vulnerability resides in the Linux kernel’s nvmet‑tcp subsystem. A helper function that sets up a PDU iterator returns void and silently discards errors when it detects an out‑of‑bounds PDU length or offset. Because callers are unaware of the failure, they overwrite the command’s state and later use an uninitialized iterator to read network data. Based on the description, the improper error handling and use of uninitialized memory could allow an attacker who can inject crafted network packets to corrupt kernel memory, potentially leading to execution of arbitrary code with kernel privileges. This inference is not explicitly stated in the CVE data but follows from the described mechanics and the identified weaknesses (CWE‑665, CWE‑682, CWE‑390).
Affected Systems
The affected component is the Linux kernel, specifically the nvmet‑tcp implementation. The CVE does not list a specific version range, so the flaw applies to any kernel that includes the vulnerable code path before the patch is applied. The vendor is Linux and the product is the Linux kernel; no other vendors are affected according to the CNA data.
Risk and Exploitability
The CVSS score of 9.8 indicates critical severity, and the EPSS score is less than 1 %, implying a low probability of exploitation at the time of this analysis. The vulnerability can be triggered over the network by sending malformed nvmet‑tcp PDUs to a host that exposes the service. The potential for kernel memory corruption and the inferred possibility of arbitrary code execution give the flaw a high risk profile. The flaw is not listed in the CISA KEV catalog. The likely attack vector is network‑based, requiring access to the nvmet‑tcp port from an untrusted host.
OpenCVE Enrichment
Debian DLA