A subtle bounds-checking gap in the Linux NVMe over TCP path has been assigned CVE-2025-21927 and fixed upstream: a missing validation of the PDU header length in nvme_tcp_recv_pdu can allow a malformed target to trigger a header-digest routine that reads and writes past the allocated buffer...
