Description

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fix memory corruption when using identity domain zpci_get_iommu_ctrs() returns counter information to be reported as part of device statistics; these counters are stored as part of the s390_domain. The problem, however, is that the identity domain is not backed by an s390_domain and so the conversion via to_s390_domain() yields a bad address that is zero'd initially and read on-demand later via a sysfs read. These counters aren't necessary for the identity domain; just return NULL in this case. This issue was discovered via KASAN with reports that look like: BUG: KASAN: global-out-of-bounds in zpci_fmb_enable_device when using the identity domain for a device on s390.

INFO

Published Date :

2025-10-04T07:31:02.521Z

Last Modified :

2025-10-04T07:31:02.521Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-39939 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-39939.

URL Resource
https://git.kernel.org/stable/c/17a58caf3863163c4a84a218a9649be2c8061443 cve-icon cve-icon
https://git.kernel.org/stable/c/b3506e9bcc777ed6af2ab631c86a9990ed97b474 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025100418-CVE-2025-39939-7ec4@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-39939 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-39939 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact