CVE-2025-39958Linux vulnerability

7 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedOct 9
Latest updateOct 14

Description

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is removed with surprise hotplug, there may still be attempts to attach the device to the default domain as part of tear down via (__iommu_release_dma_ownership()), or because the removal happens during probe (__iommu_probe_device()). In both cases zpci_register_ioat() fails with a cc value indicating that the device handle is invalid. This

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDlinux/linux_kernel6.26.16.9+1
Debianlinux/linux_kernel< 6.16.9-1
CVEListV5linux/linux59bbf596791b89c7f88fdcac29dfc39c1221d25d359613f2fa009587154511e4842e8ab9532edd15+2
debiandebian/linux< linux 6.16.9-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2025-39958: In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI de2025-10-09
GHSA
GHSA-p5vh-p63c-cg4v: In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI2025-10-09

📋Vendor Advisories

3
Microsoft
iommu/s390: Make attach succeed when the device was surprise removed2025-10-14
Red Hat
kernel: iommu/s390: Make attach succeed when the device was surprise removed2025-10-09
Debian
CVE-2025-39958: linux - In the Linux kernel, the following vulnerability has been resolved: iommu/s390:...2025

🕵️Threat Intelligence

1
Bleepingcomputer
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws2025-10-14