CVE-2025-38035
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's NVMe over TCP (nvmet-tcp) subsystem can cause kernel crashes when TCP connections aren't properly established. This affects systems using NVMe over TCP storage protocols, potentially leading to denial of service. The vulnerability is triggered during TCP connection handling when queue->state_change is NULL.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and complete denial of service, requiring physical or remote reboot.
Likely Case
System instability or crash when NVMe over TCP connections fail to establish properly, affecting storage availability.
If Mitigated
Minor performance impact or connection failures without system crash if proper error handling is in place.
🎯 Exploit Status
Exploitation requires ability to establish or disrupt NVMe over TCP connections. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 17e58be5b49f58bf17799a504f55c2d05ab2ecdc, 3a982ada411b8c52695f1784c3f4784771f30209, 46d22b47df2741996af277a2838b95f130436c13, 6265538446e2426f4bf3b57e91d7680b2047ddd9, a21cb31642ffc84ca4ce55028212a96f72f54d30
Vendor Advisory: https://git.kernel.org/stable/c/17e58be5b49f58bf17799a504f55c2d05ab2ecdc
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check with your distribution vendor for patched kernel packages.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Disable NVMe over TCP
Disable the nvmet-tcp subsystem if not required (Linux)
modprobe -r nvmet-tcp
echo 'blacklist nvmet-tcp' >> /etc/modprobe.d/blacklist.conf
Network isolation
Restrict access to NVMe over TCP ports (typically 4420) (Linux)
iptables -A INPUT -p tcp --dport 4420 -j DROP
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="4420" protocol="tcp" reject'
🧯 If You Can't Patch
- Implement strict network segmentation to isolate NVMe over TCP traffic
- Monitor system logs for kernel panic or NULL pointer dereference messages
🔍 How to Verify
Check if Vulnerable:
Check if nvmet-tcp module is loaded: lsmod | grep nvmet_tcp
Check Version:
uname -r
Verify Fix Applied:
Check that the running kernel contains the fix commits or is newer than the vulnerable versions
📡 Detection & Monitoring
Log Indicators:
- Kernel NULL pointer dereference messages
- BUG: kernel NULL pointer dereference
- Oops: 0010
- nvmet-tcp related crash logs
Network Indicators:
- Unexpected TCP connection attempts to port 4420
- Abnormal NVMe over TCP connection patterns
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "Oops: 0010") AND "nvmet"
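A kernel oops is logged as several lines: the "BUG: kernel NULL pointer dereference" line does not name the module, and nvmet frames appear further down the same report, so a match evaluated one line at a time can miss it. The script below is an added example, not part of the advisory; the log lines, the nvmet_tcp_example_frame symbol and the 40-line window are constructed assumptions. It correlates the two indicators within one report and contrasts the result with a per-line match.

```shell
#!/bin/sh
# Added example (not from the advisory). All log lines below are constructed.

# Write a constructed kernel log: one NULL-deref oops with an nvmet_tcp frame,
# one unrelated NULL-deref oops, and one harmless nvmet message.
write_sample_log() {
    cat > "$1" <<'EOF'
[  100.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  100.000002] #PF: supervisor instruction fetch in kernel mode
[  100.000003] Oops: Oops: 0010 [#1] SMP
[  100.000004]  nvmet_tcp_example_frame+0x10/0x40 [nvmet_tcp]
[  100.000005] ---[ end trace 0000000000000000 ]---
[  200.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  200.000002] Oops: Oops: 0000 [#2] SMP
[  200.000003]  example_driver_fn+0x10/0x40 [example_driver]
[  200.000004] ---[ end trace 0000000000000000 ]---
[  300.000001] nvmet_tcp: constructed informational message
EOF
}

# count_nvmet_oops FILE [WINDOW]
# Print how many NULL-deref reports mention nvmet within WINDOW following
# lines (default 40) and before the end-of-trace marker.
count_nvmet_oops() {
    awk -v window="${2:-40}" '
        /BUG: kernel NULL pointer dereference/ { in_oops = 1; left = window; next }
        /---\[ end trace/                      { in_oops = 0; next }
        in_oops && /nvmet/                     { hits++; in_oops = 0; next }
        in_oops                                { if (--left <= 0) in_oops = 0 }
        END                                    { print hits + 0 }
    ' "$1"
}

# count_single_line_matches FILE
# Print how many single lines carry both strings (what a per-line match sees).
count_single_line_matches() {
    grep 'NULL pointer dereference' "$1" | grep -c 'nvmet' || true
}

log=$(mktemp)
write_sample_log "$log"
echo "correlated nvmet oops reports: $(count_nvmet_oops "$log")"
echo "single-line matches: $(count_single_line_matches "$log")"
rm -f "$log"
```

On a live system the same function can be pointed at a file produced by `journalctl -k` or `dmesg`.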
🔗 References
- https://git.kernel.org/stable/c/17e58be5b49f58bf17799a504f55c2d05ab2ecdc
- https://git.kernel.org/stable/c/3a982ada411b8c52695f1784c3f4784771f30209
- https://git.kernel.org/stable/c/46d22b47df2741996af277a2838b95f130436c13
- https://git.kernel.org/stable/c/6265538446e2426f4bf3b57e91d7680b2047ddd9
- https://git.kernel.org/stable/c/a21cb31642ffc84ca4ce55028212a96f72f54d30
- https://git.kernel.org/stable/c/c240375587ddcc80e1022f52ee32b946bbc3a639
- https://git.kernel.org/stable/c/ec462449f4cf616b0aa2ed119f5f44b5fdfcefab
- https://git.kernel.org/stable/c/fc01b547c3f8bfa6e1d23cd5a2c63c736e8c3e4e
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html