VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-87xg-7fgu-e3h8

Essentials
Severities (10)
References (38)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-87xg-7fgu-e3h8
Aliases	CVE-2025-21927
Summary	kernel: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
Status	Published
Exploitability	0.5
Weighted Severity	7.2
Risk	3.6
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

System	Score	Found at
cvssv3	8.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21927.json
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-21927
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-21927
cvssv3.1	5.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.8	https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126
ssvc	Track	https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126
cvssv3.1	7.8	https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722
ssvc	Track	https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722
cvssv3.1	7.8	https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064
ssvc	Track	https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21927.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-21927
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21927
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126		https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126
2356593		https://bugzilla.redhat.com/show_bug.cgi?id=2356593
9fbc953d6b38bc824392e01850f0aeee3b348722		https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722
ad95bab0cd28ed77c2c0d0b6e76e03e031391064		https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064
RHSA-2025:4339		https://access.redhat.com/errata/RHSA-2025:4339
RHSA-2025:4340		https://access.redhat.com/errata/RHSA-2025:4340
RHSA-2025:4341		https://access.redhat.com/errata/RHSA-2025:4341
RHSA-2025:4469		https://access.redhat.com/errata/RHSA-2025:4469
RHSA-2025:4471		https://access.redhat.com/errata/RHSA-2025:4471
RHSA-2025:4496		https://access.redhat.com/errata/RHSA-2025:4496
RHSA-2025:4497		https://access.redhat.com/errata/RHSA-2025:4497
RHSA-2025:4498		https://access.redhat.com/errata/RHSA-2025:4498
RHSA-2025:4499		https://access.redhat.com/errata/RHSA-2025:4499
RHSA-2025:4509		https://access.redhat.com/errata/RHSA-2025:4509
RHSA-2025:7423		https://access.redhat.com/errata/RHSA-2025:7423
RHSA-2025:7501		https://access.redhat.com/errata/RHSA-2025:7501
USN-7605-1		https://usn.ubuntu.com/7605-1/
USN-7605-2		https://usn.ubuntu.com/7605-2/
USN-7606-1		https://usn.ubuntu.com/7606-1/
USN-7628-1		https://usn.ubuntu.com/7628-1/
USN-7764-1		https://usn.ubuntu.com/7764-1/
USN-7764-2		https://usn.ubuntu.com/7764-2/
USN-7765-1		https://usn.ubuntu.com/7765-1/
USN-7766-1		https://usn.ubuntu.com/7766-1/
USN-7767-1		https://usn.ubuntu.com/7767-1/
USN-7767-2		https://usn.ubuntu.com/7767-2/
USN-7779-1		https://usn.ubuntu.com/7779-1/
USN-7790-1		https://usn.ubuntu.com/7790-1/
USN-7800-1		https://usn.ubuntu.com/7800-1/
USN-7801-1		https://usn.ubuntu.com/7801-1/
USN-7801-2		https://usn.ubuntu.com/7801-2/
USN-7801-3		https://usn.ubuntu.com/7801-3/
USN-7802-1		https://usn.ubuntu.com/7802-1/
USN-7809-1		https://usn.ubuntu.com/7809-1/

No exploits are available.

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21927.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-01T19:22:21Z/ Found at https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-01T19:22:21Z/ Found at https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-01T19:22:21Z/ Found at https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064

Exploit Prediction Scoring System (EPSS)

Percentile	0.067
EPSS Score	0.00023
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:47:01.769556+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21927.json	38.6.0