CVE-2025-39939Out-of-bounds Write in Linux

CWE-787Out-of-bounds WriteCWE-125Out-of-bounds Read5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 94.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 4

Description

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fix memory corruption when using identity domain zpci_get_iommu_ctrs() returns counter information to be reported as part of device statistics; these counters are stored as part of the s390_domain. The problem, however, is that the identity domain is not backed by an s390_domain and so the conversion via to_s390_domain() yields a bad address that is zero'd initially and read on-demand later via a sysfs read. These

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel6.156.16.9+1
Debianlinux/linux_kernel< 6.16.9-1
CVEListV5linux/linux64af12c6ec3afd7d44bc8b2044eee59f9805908717a58caf3863163c4a84a218a9649be2c8061443+2
debiandebian/linux< linux 6.16.9-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-pm9c-rrjm-4v2f: In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fix memory corruption when using identity domain zpci_get_iommu_ctrs2025-10-04
OSV
CVE-2025-39939: In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fix memory corruption when using identity domain zpci_get_iommu_ctrs()2025-10-04

📋Vendor Advisories

2
Red Hat
kernel: iommu/s390: Fix memory corruption when using identity domain2025-10-04
Debian
CVE-2025-39939: linux - In the Linux kernel, the following vulnerability has been resolved: iommu/s390:...2025