5.5

CVE-2025-38733

s390/mm: Do not map lowcore with identity mapping

In the Linux kernel, the following vulnerability has been resolved:

s390/mm: Do not map lowcore with identity mapping

Since the identity mapping is pinned to address zero the lowcore is always
also mapped to address zero, this happens regardless of the relocate_lowcore
command line option. If the option is specified the lowcore is mapped
twice, instead of only once.

This means that NULL pointer accesses will succeed instead of causing an
exception (low address protection still applies, but covers only parts).
To fix this never map the first two pages of physical memory with the
identity mapping.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.10.11 < 6.11
LinuxLinux Kernel Version >= 6.11.1 < 6.12.44
LinuxLinux Kernel Version >= 6.13 < 6.16.4
LinuxLinux Kernel Version6.11 Update-
LinuxLinux Kernel Version6.11 Updaterc5
LinuxLinux Kernel Version6.11 Updaterc6
LinuxLinux Kernel Version6.11 Updaterc7
LinuxLinux Kernel Version6.17 Updaterc1
LinuxLinux Kernel Version6.17 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.039
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/30bf5728bb217a6d1ba73f44094c9b9c6bc9a567
Patch
https://git.kernel.org/stable/c/1d7864acd497cb468a998d44631f84896f885e85
Patch
https://git.kernel.org/stable/c/93f616ff870a1fb7e84d472cad0af651b18f9f87
Patch