What is the severity of CVE-2025-37825?

CVE-2025-37825 is classified as a moderate severity vulnerability due to potential out-of-bounds memory access.

How do I fix CVE-2025-37825?

To fix CVE-2025-37825, update your Linux kernel to the latest patched version provided by your distribution.

What systems are affected by CVE-2025-37825?

CVE-2025-37825 affects the Linux Kernel implementations that utilize the nvmet subsystem.

What are the potential risks associated with CVE-2025-37825?

The risks associated with CVE-2025-37825 include system crashes and potential exploitation leading to unauthorized access.

When was CVE-2025-37825 disclosed?

CVE-2025-37825 was disclosed as part of a security update to the Linux kernel.

Vulnerability/
CVE-2025-37825

8/5/2025

CVE-2025-37825: nvmet: fix out-of-bounds access in nvmet_enable_port

First published: Thu May 08 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no transport configured yet, nvmet_enable_port() uses NVMF_TRTYPE_MAX (255) to query the transports array, causing an out-of-bounds access: [ 106.058694] BUG: KASAN: global-out-of-bounds in nvmet_enable_port+0x42/0x1da [ 106.058719] Read of size 8 at addr ffffffff89dafa58 by task ln/632 [...] [ 106.076026] nvmet: transport type 255 not supported Since commit 200adac75888, NVMF_TRTYPE_MAX is the default state as configured by nvmet_ports_make(). Avoid this by checking for NVMF_TRTYPE_MAX before proceeding.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-37825?
CVE-2025-37825 is classified as a moderate severity vulnerability due to potential out-of-bounds memory access.
How do I fix CVE-2025-37825?
To fix CVE-2025-37825, update your Linux kernel to the latest patched version provided by your distribution.
What systems are affected by CVE-2025-37825?
CVE-2025-37825 affects the Linux Kernel implementations that utilize the nvmet subsystem.
What are the potential risks associated with CVE-2025-37825?
The risks associated with CVE-2025-37825 include system crashes and potential exploitation leading to unauthorized access.
When was CVE-2025-37825 disclosed?
CVE-2025-37825 was disclosed as part of a security update to the Linux kernel.

collector/mitre-cve
source/MITRE
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/author
agent/source
agent/tags
agent/event
vendor/linux
canonical/linux kernel

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.