CVE-2025-37946 | THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

Description

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs With commit bcb5d6c76903 ("s390/pci: introduce lock to synchronize state of zpci_dev's") the code to ignore power off of a PF that has child VFs was changed from a direct return to a goto to the unlock and pci_dev_put() section. The change however left the existing pci_dev_put() untouched resulting in a doubple put. This can subsequently cause a use after free if the struct pci_dev is released in an unexpected state. Fix this by removing the extra pci_dev_put().

Reserved 2025-04-16 | Published 2025-05-20 | Updated 2025-05-26 | Assigner Linux

Product status

Default status

unaffected

bcb5d6c769039c8358a2359e7c3ea5d97ce93108 before c488f8b53e156d6dcc0514ef0afa3a33376b8f9e

affected

bcb5d6c769039c8358a2359e7c3ea5d97ce93108 before 957529baef142d95e0d1b1bea786675bd47dbe53

affected

bcb5d6c769039c8358a2359e7c3ea5d97ce93108 before 05a2538f2b48500cf4e8a0a0ce76623cc5bafcf1

affected

Default status

affected

6.9

affected

Any version before 6.9

unaffected

6.12.29

unaffected

6.14.7

unaffected

6.15

unaffected

References

git.kernel.org/...c/c488f8b53e156d6dcc0514ef0afa3a33376b8f9e

git.kernel.org/...c/957529baef142d95e0d1b1bea786675bd47dbe53

git.kernel.org/...c/05a2538f2b48500cf4e8a0a0ce76623cc5bafcf1

cve.org (CVE-2025-37946)

nvd.nist.gov (CVE-2025-37946)

Download JSON

https://cve.threatint.eu/CVE/CVE-2025-37946

Support options

Helpdesk Chat, Email, Knowledgebase