CVE-2025-38397 | Linux Kernel up to 6.15.5/6.16-rc4 nvme-multipath nvme_mpath_add_sysfs_link stack-based overflow

A vulnerability was found in Linux Kernel up to 6.15.5/6.16-rc4. It has been declared as critical. This vulnerability affects the function nvme_mpath_add_sysfs_link of the component nvme-multipath. The manipulation leads to stack-based buffer overflow.

This vulnerability was named CVE-2025-38397. The attack can only be initiated within the local network. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More