-
CVE-2025-39939
- EPSS 0.02%
- Veröffentlicht 04.10.2025 07:31:02
- Zuletzt bearbeitet 06.10.2025 14:56:47
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fix memory corruption when using identity domain zpci_get_iommu_ctrs() returns counter information to be reported as part of device statistics; these counters are stored as part of the s390_domain. The problem, however, is that the identity domain is not backed by an s390_domain and so the conversion via to_s390_domain() yields a bad address that is zero'd initially and read on-demand later via a sysfs read. These counters aren't necessary for the identity domain; just return NULL in this case. This issue was discovered via KASAN with reports that look like: BUG: KASAN: global-out-of-bounds in zpci_fmb_enable_device when using the identity domain for a device on s390.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
17a58caf3863163c4a84a218a9649be2c8061443
Version
64af12c6ec3afd7d44bc8b2044eee59f98059087
Status
affected
Version <
b3506e9bcc777ed6af2ab631c86a9990ed97b474
Version
64af12c6ec3afd7d44bc8b2044eee59f98059087
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
6.15
Status
affected
Version <
6.15
Version
0
Status
unaffected
Version <=
6.16.*
Version
6.16.9
Status
unaffected
Version <=
*
Version
6.17
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.034 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|