Lucene search
K

10 matches found

RedHat Linux
RedHat Linux
added 2026/06/22 10:59 a.m.35 views

kernel: nvmet-tcp: fix race between ICReq handling and queue teardown

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

9.8CVSS5.8AI score0.00353EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 9:35 a.m.37 views

CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp, but it does so without serializing against target-side queue...

9.8CVSS0.00353EPSS
Exploits0References5
CVE
CVE
added 2026/03/26 6:15 a.m.26 views

CVE-2026-4652

Summary of CVE-2026-4652 (NVMe/TCP) : A remote attacker with network access to an NVMe/TCP target can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID, leading to an unauthenticated Denial of Service. Affected systems expose an NVMe/TCP target; imp...

7.5CVSS5.9AI score0.00367EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/12/09 1:16 a.m.5 views

CVE-2023-53817

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpicmpui During NVMeTCP Authentication a controller can trigger a kernel oops by specifying the 8192 bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie Hellamn...

0.002EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2025/07/25 12:53 p.m.6 views

CVE-2025-38397

In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: fix suspicious RCU usage warning When I run the NVME over TCP test in virtme-ng, I get the following "suspicious RCU usage" warning in nvmempathaddsysfslink: ''' 5.024557 T44 nvmet: Created nvm controller 1 for...

5.5CVSS5.7AI score0.00129EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2024/09/24 1:17 a.m.3 views

kernel: nvme-tcp: fix UAF when detecting digest errors

A use-after-free vulnerability was found in the Linux kernel in drivers/nvme/host/tcp.c in nvmetcpiowork. This issue can occur when a local user continues to read data after the connection finishes. This flaw allows a malicious user to cause a use-after-free problem...

7.8CVSS7.2AI score0.0025EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/06/11 5:33 p.m.7 views

kernel: NULL pointer dereference in nvmet_tcp_execute_request

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service...

7.5CVSS6.6AI score0.01549EPSS
Exploits0References4
OSV
OSV
added 2024/05/17 1:15 p.m.8 views

AZL-67581 CVE-2024-27435 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, adminq reconnect failed forever while remote target and network is ok. After dig into it, we found ...

5.5CVSS6.8AI score0.00174EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/03/12 12:51 a.m.3 views

kernel: NULL pointer dereference in nvmet_tcp_execute_request

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service...

7.5CVSS6.6AI score0.01549EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.4 views

kernel: nvme-tcp: don't access released socket during error recovery

A race condition leading to NULL pointer dereference was found in the Linux kernel NVMe-over-TCP driver's error recovery handling. A local user with privileges to execute NVMe management commands can run the 'nvme list' command while NVMe-over-TCP error recovery work is temporarily failing...

5.5CVSS7.4AI score0.00143EPSS
Exploits0References5
Rows per page
Query Builder