CVE-2025-37825
📋 TL;DR
This CVE describes an out-of-bounds memory access vulnerability in the Linux kernel's NVMe over Fabrics target subsystem. When attempting to enable a port without a configured transport, the kernel reads beyond array bounds, potentially causing kernel crashes or information disclosure. Systems using NVMe over Fabrics with unconfigured ports are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, or potential information disclosure from kernel memory
Likely Case
System crash or kernel panic when attempting to enable unconfigured NVMe over Fabrics ports
If Mitigated
No impact if NVMe over Fabrics is not used or all ports are properly configured
🎯 Exploit Status
Requires ability to trigger nvmet port operations, typically through privileged operations or misconfigured storage management
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 3d7aa0c7b4e96cd460826d932e44710cdeb3378b or 83c00860a37b3fcba8026cb344101f1b8af547cf
Vendor Advisory: https://git.kernel.org/stable/c/3d7aa0c7b4e96cd460826d932e44710cdeb3378b
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix
2. Reboot system to load new kernel
3. Verify kernel version with 'uname -r'
🔧 Temporary Workarounds
Disable NVMe over Fabrics
Remove or disable the nvmet module if not required
rmmod nvmet
echo 'blacklist nvmet' >> /etc/modprobe.d/blacklist.conf
Configure all NVMe ports
Ensure all nvmet ports have a valid transport configuration
# Check port configuration: ls /sys/kernel/config/nvmet/ports/
# Configure missing transports appropriately
🧯 If You Can't Patch
- Disable NVMe over Fabrics subsystem if not required
- Ensure all NVMe ports have proper transport configuration before enabling
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether nvmet is loaded: 'uname -r' and 'lsmod | grep nvmet'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits and test port operations
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing 'BUG: KASAN: global-out-of-bounds in nvmet_enable_port'
- 'nvmet: transport type 255 not supported' messages
Network Indicators:
- Unexpected NVMe over Fabrics connection failures
SIEM Query:
kernel_log: "nvmet_enable_port" AND ("KASAN" OR "out-of-bounds")
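The port check from the "Configure all NVMe ports" workaround and the log indicators listed above, combined into one POSIX shell script. This is an added example, not code from the advisory or the kernel project. It assumes each port directory under /sys/kernel/config/nvmet/ports/ exposes an addr_trtype attribute that reads back empty until a transport is set; the function names and the NVMET_PORTS variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.
# Assumption: every port directory has an addr_trtype attribute that reads
# back empty until a transport (for example tcp, rdma or loop) is written.
NVMET_PORTS="${NVMET_PORTS:-/sys/kernel/config/nvmet/ports}"

# Print the name of each port whose addr_trtype is empty or missing.
# Returns 0 when every port has a transport type, 1 otherwise.
unconfigured_ports() {
    ports_dir="${1:-$NVMET_PORTS}"
    rc=0
    for port in "$ports_dir"/*/; do
        [ -d "$port" ] || continue   # glob matched nothing: no ports defined
        trtype=$(cat "${port}addr_trtype" 2>/dev/null | tr -d '[:space:]')
        if [ -z "$trtype" ]; then
            basename "$port"
            rc=1
        fi
    done
    return "$rc"
}

# Count lines in a saved kernel log (dmesg or journalctl -k output) that
# contain either log indicator quoted on this page.
count_log_indicators() {
    grep -c -F \
        -e 'BUG: KASAN: global-out-of-bounds in nvmet_enable_port' \
        -e 'nvmet: transport type 255 not supported' \
        "$1" 2>/dev/null || true
}

# Usage: sh nvmet_audit.sh --audit [saved-kernel-log]
if [ "${1:-}" = "--audit" ]; then
    if bad=$(unconfigured_ports); then
        echo "nvmet: every port has a transport type set"
    else
        echo "nvmet: ports with no transport type:" $bad
    fi
    if [ -n "${2:-}" ]; then
        echo "log indicator lines: $(count_log_indicators "$2")"
    fi
fi
```

Run it before enabling ports on an unpatched kernel; any port it names should get a transport type before it is linked to a subsystem.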