CVE-2025-39778

Summary

In the Linux kernel, the following vulnerability has been resolved:

objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()

The csts_state_names[] array only has six sparse entries, but the iteration code in nvmet_ctrl_state_show() iterates seven, resulting in a potential out-of-bounds stack read. Fix that.

Fixes the following warning with an UBSAN kernel:

vmlinux.o: warning: objtool: .text.nvmet_ctrl_state_show: unexpected end of section

Affected Software

VendorProductVersion RangeStatus
LinuxLinux649fd41420a816b11b07423ebf4dbd4ac1ac2905 < 1adc93a525fdee8e2b311e6d5fd93eb69714ca05affected
LinuxLinux649fd41420a816b11b07423ebf4dbd4ac1ac2905 < 8fbf37a3577b4d64c150cafde338eee17b2f2ea4affected
LinuxLinux649fd41420a816b11b07423ebf4dbd4ac1ac2905 < 0cc0efc58d6c741b2868d4af24874d7fec28a575affected
LinuxLinux649fd41420a816b11b07423ebf4dbd4ac1ac2905 < 107a23185d990e3df6638d9a84c835f963fe30a6affected
LinuxLinux6.11affected
LinuxLinux0 < 6.11unaffected
LinuxLinux6.12.23 <= 6.12.*unaffected
LinuxLinux6.13.11 <= 6.13.*unaffected
LinuxLinux6.14.2 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References