CVE-2025-38209: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38209 is a vulnerability discovered in the Linux kernel, specifically affecting the nvme-tcp component. The issue was disclosed on July 4, 2025, and involves a slab-use-after-free bug in the kernel's NVMe-TCP implementation (NVD, CVE).

The vulnerability stems from a modification in nvmetcpsetupctrl() that calls nvmetcpconfigureadminqueue() twice, introduced by commit 104d0e2f6222. The first call prepares for DH-CHAP negotiation, while the second call is required for secure concatenation. When the second call fails, it does not properly remove the admin tag set, leading to a use-after-free condition in blkmqqueuetagbusyiter(). This bug can be reproduced by repeatedly running the blktests test case nvme/063 (NVD).

The vulnerability results in a KASAN slab-use-after-free bug when the timeout handler accesses the admintagset field after it has been freed. This could potentially lead to system instability or crashes in systems using NVMe-TCP storage configurations (NVD).

The fix involves modifying nvmetcpsetupctrl() to call nvmeremoveadmintagset() when the second nvmetcpconfigureadminqueue() call fails. Instead of returning directly on failure, the code now jumps to the "destroyadmin" goto label to properly clean up resources (NVD).