Linux Kernel NVMe over Fabrics Out-of-Bounds Access Vulnerability in Port Enablement

Vulnerability

A vulnerability in the Linux kernel's NVMe over Fabrics (NVMe-oF) implementation has been identified, specifically in the 'nvmet_enable_port' function. When enabling a port without a configured transport, the function incorrectly uses 'NVMF_TRTYPE_MAX' (255) to access the transports array. This leads to an out-of-bounds memory access, as the transport type 255 is not supported. The issue arises because 'NVMF_TRTYPE_MAX' has become the default state since a recent commit, which introduced this vulnerability by allowing invalid transport type queries.

Impact

Exploitation of this vulnerability causes a global out-of-bounds memory access, which can lead to memory corruption or other undefined behavior.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NVMe over Fabrics Out-of-Bounds Access Vulnerability in Port Enablement

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating