
Description

In the Linux kernel, the following vulnerability has been resolved:

iommu/s390: Fix memory corruption when using identity domain

zpci_get_iommu_ctrs() returns counter information to be reported as part of device statistics; these counters are stored as part of the s390_domain. The problem, however, is that the identity domain is not backed by an s390_domain and so the conversion via to_s390_domain() yields a bad address that is zero'd initially and read on-demand later via a sysfs read. These counters aren't necessary for the identity domain; just return NULL in this case.

This issue was discovered via KASAN with reports that look like:

BUG: KASAN: global-out-of-bounds in zpci_fmb_enable_device

when using the identity domain for a device on s390.
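The conversion problem described above, as an added userspace C model (not the kernel source and not the fix commit). All struct, macro and function names are hypothetical stand-ins, and the layout with the generic handle embedded as the first member of the wrapper is an assumption.

```c
/* Userspace model of the bug class; every name here is a hypothetical
 * stand-in, not a kernel definition. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum dom_type { DOM_PAGING, DOM_IDENTITY };
struct domain { enum dom_type type; };            /* generic handle   */
struct counters { uint64_t mapped, unmapped; };
struct paging_domain {                            /* wraps the handle */
    struct domain base;
    struct counters ctrs;
};

/* container_of-style conversion: only valid if d sits inside a wrapper. */
#define to_paging(d) \
    ((struct paging_domain *)((char *)(d) - offsetof(struct paging_domain, base)))

/* A bare handle with no wrapper around it, like the identity domain. */
static struct domain identity = { DOM_IDENTITY };
static struct paging_domain paging = { { DOM_PAGING }, { 0, 0 } };

/* Address the unchecked conversion would use for the counters. Integer
 * arithmetic only: nothing out of bounds is formed or dereferenced. */
static uintptr_t unchecked_ctrs_addr(const struct domain *d)
{
    return (uintptr_t)d - offsetof(struct paging_domain, base)
                        + offsetof(struct paging_domain, ctrs);
}

/* 1 if that address lies outside the object d really points to. */
static int ctrs_outside_object(const struct domain *d, size_t real_size)
{
    uintptr_t start = (uintptr_t)d, a = unchecked_ctrs_addr(d);
    return a < start || a + sizeof(struct counters) > start + real_size;
}

/* Checked getter: a domain that is not a wrapper has no counters. */
static struct counters *get_ctrs(struct domain *d)
{
    if (d->type != DOM_PAGING)
        return NULL;
    return &to_paging(d)->ctrs;
}

int main(void)
{
    printf("identity: outside=%d\n", ctrs_outside_object(&identity, sizeof identity));
    printf("paging:   outside=%d\n", ctrs_outside_object(&paging.base, sizeof paging));
}
```

The unchecked address for the bare handle lands past the end of a global object, which is the shape of access KASAN labels global-out-of-bounds.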

PUBLISHED Reserved 2025-04-16 | Published 2025-10-04 | Updated 2025-10-04 | Assigner Linux

Product status

Default status
unaffected

64af12c6ec3afd7d44bc8b2044eee59f98059087 before 17a58caf3863163c4a84a218a9649be2c8061443
affected

64af12c6ec3afd7d44bc8b2044eee59f98059087 before b3506e9bcc777ed6af2ab631c86a9990ed97b474
affected

Default status
affected

6.15
affected

Any version before 6.15
unaffected

6.16.9
unaffected

6.17
unaffected

References

git.kernel.org/...c/17a58caf3863163c4a84a218a9649be2c8061443

git.kernel.org/...c/b3506e9bcc777ed6af2ab631c86a9990ed97b474

cve.org (CVE-2025-39939)

nvd.nist.gov (CVE-2025-39939)
