CVE-2025-38035: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38035 is a vulnerability discovered in the Linux kernel affecting the nvmet-tcp component. The vulnerability was disclosed on June 18, 2025, and involves an issue where queue->statechange is set as part of nvmettcpsetqueuesock(), but if the TCP connection isn't established when nvmettcpsetqueuesock() is called, then queue->statechange isn't set and sock->sk->skstatechange isn't replaced (NVD, Wiz).

The vulnerability stems from a NULL pointer dereference issue in the Linux kernel's nvmet-tcp component. When the TCP connection isn't established during the nvmettcpsetqueuesock() call, the queue->state_change remains unset, leading to potential NULL pointer dereferences. This can result in kernel crashes and system instability, as evidenced by detailed stack traces showing the NULL pointer dereference at address 0x0000000000000000 (NVD, Wiz).

The vulnerability can lead to system crashes and potential denial of service conditions due to NULL pointer dereferences in the kernel. When triggered, it results in kernel oops messages and system instability, potentially affecting the availability of services running on the affected systems (Wiz).

The vulnerability has been resolved in the Linux kernel through a patch that prevents the restoration of null skstatechange. The fix ensures that sock->sk->skstatechange is not restored if queue->state_change is NULL, effectively preventing the NULL pointer dereferences. Various Linux distributions have released or are in the process of releasing patches for their respective versions (Debian).