CVE-2025-38264

{"id": "CVE-2025-38264", "cveTags": [], "metrics": {}, "published": "2025-07-09T11:15:28.810", "references": [{"url": "https://git.kernel.org/stable/c/0bf04c874fcb1ae46a863034296e4b33d8fbd66c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/78a4adcd3fedb0728436e8094848ebf4c6bae006", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f054ea62598197714a6ca7b3b387a027308f8b13", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: sanitize request list handling\n\nValidate the request in nvme_tcp_handle_r2t() to ensure it's not part of\nany list, otherwise a malicious R2T PDU might inject a loop in request\nlist processing."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvme-tcp: desinfectar el manejo de la lista de solicitudes Valide la solicitud en nvme_tcp_handle_r2t() para asegurarse de que no sea parte de ninguna lista; de lo contrario, una PDU R2T maliciosa podr\u00eda inyectar un bucle en el procesamiento de la lista de solicitudes."}], "lastModified": "2025-07-10T13:17:30.017", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}