-

CVE-2026-53116

s390/ap: use generic driver_override infrastructure

In the Linux kernel, the following vulnerability has been resolved:

s390/ap: use generic driver_override infrastructure

When the AP masks are updated via apmask_store() or aqmask_store(),
ap_bus_revise_bindings() is called after ap_attr_mutex has been
released.

This calls __ap_revise_reserved(), which accesses the driver_override
field without holding any lock, racing against a concurrent
driver_override_store() that may free the old string, resulting in a
potential UAF.

Fix this by using the driver-core driver_override infrastructure, which
protects all accesses with an internal spinlock.

Note that unlike most other buses, the AP bus does not check
driver_override in its match() callback; the override is checked in
ap_device_probe() and __ap_revise_reserved() instead.

Also note that we do not enable the driver_override feature of struct
bus_type, as AP - in contrast to most other buses - passes "" to
sysfs_emit() when the driver_override pointer is NULL. Thus, printing
"\n" instead of "(null)\n".

Additionally, AP has a custom counter that is modified in the
corresponding custom driver_override_store().
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version d38a87d7c0643db61e7a3bfc3ebeea2dc2568f7e
Version < 8f2eca0570438b94602da1297353eb7b10dcb6cb
Status affected
Version d38a87d7c0643db61e7a3bfc3ebeea2dc2568f7e
Version < 81d6f7c3a70b10ff757ee8b5f8114a190871cf1e
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.19
Status affected
Version 0
Version < 6.19
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.041
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/8f2eca0570438b94602da1297353eb7b10dcb6cb
https://git.kernel.org/stable/c/81d6f7c3a70b10ff757ee8b5f8114a190871cf1e