CVE-2025-39694 (GCVE-0-2025-39694)
Vulnerability from cvelistv5
Published
2025-09-05 17:21
Modified
2025-09-29 05:57
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtual address translation. If the kernel identity mapping does not start at address zero, the resulting virtual address is never zero, so that the NULL checks won't work. Subsequently this may result in incorrect accesses to the first page of the identity mapping. Fix this by introducing a function that handles the NULL case before address translation.
Impacted products
Vendor Product Version
Linux Linux Version: ada1da31ce34248bc97ca8f801f2cf6efa378a81
Version: ada1da31ce34248bc97ca8f801f2cf6efa378a81
Version: ada1da31ce34248bc97ca8f801f2cf6efa378a81
Version: ada1da31ce34248bc97ca8f801f2cf6efa378a81
Version: ada1da31ce34248bc97ca8f801f2cf6efa378a81
Create a notification for this product.
   Linux Linux Version: 5.16
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/char/sclp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "aa5073ac1a2a274812f3b04c278992e68ff67cc7",
              "status": "affected",
              "version": "ada1da31ce34248bc97ca8f801f2cf6efa378a81",
              "versionType": "git"
            },
            {
              "lessThan": "86c2825791c3836a8f77a954b9c5ebe6fab410c5",
              "status": "affected",
              "version": "ada1da31ce34248bc97ca8f801f2cf6efa378a81",
              "versionType": "git"
            },
            {
              "lessThan": "61605c847599fbfdfafe638607841c7d73719081",
              "status": "affected",
              "version": "ada1da31ce34248bc97ca8f801f2cf6efa378a81",
              "versionType": "git"
            },
            {
              "lessThan": "bf83ae3537359af088d6577812ed93113dfbcb7b",
              "status": "affected",
              "version": "ada1da31ce34248bc97ca8f801f2cf6efa378a81",
              "versionType": "git"
            },
            {
              "lessThan": "430fa71027b6ac9bb0ce5532b8d0676777d4219a",
              "status": "affected",
              "version": "ada1da31ce34248bc97ca8f801f2cf6efa378a81",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/char/sclp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.149",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.103",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.44",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.4",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Fix SCCB present check\n\nTracing code called by the SCLP interrupt handler contains early exits\nif the SCCB address associated with an interrupt is NULL. This check is\nperformed after physical to virtual address translation.\n\nIf the kernel identity mapping does not start at address zero, the\nresulting virtual address is never zero, so that the NULL checks won\u0027t\nwork. Subsequently this may result in incorrect accesses to the first\npage of the identity mapping.\n\nFix this by introducing a function that handles the NULL case before\naddress translation."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:57:33.748Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/aa5073ac1a2a274812f3b04c278992e68ff67cc7"
        },
        {
          "url": "https://git.kernel.org/stable/c/86c2825791c3836a8f77a954b9c5ebe6fab410c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/61605c847599fbfdfafe638607841c7d73719081"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf83ae3537359af088d6577812ed93113dfbcb7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/430fa71027b6ac9bb0ce5532b8d0676777d4219a"
        }
      ],
      "title": "s390/sclp: Fix SCCB present check",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39694",
    "datePublished": "2025-09-05T17:21:00.361Z",
    "dateReserved": "2025-04-16T07:20:57.114Z",
    "dateUpdated": "2025-09-29T05:57:33.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-39694\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-05T18:15:46.247\",\"lastModified\":\"2025-09-08T16:25:38.810\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ns390/sclp: Fix SCCB present check\\n\\nTracing code called by the SCLP interrupt handler contains early exits\\nif the SCCB address associated with an interrupt is NULL. This check is\\nperformed after physical to virtual address translation.\\n\\nIf the kernel identity mapping does not start at address zero, the\\nresulting virtual address is never zero, so that the NULL checks won\u0027t\\nwork. Subsequently this may result in incorrect accesses to the first\\npage of the identity mapping.\\n\\nFix this by introducing a function that handles the NULL case before\\naddress translation.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/430fa71027b6ac9bb0ce5532b8d0676777d4219a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/61605c847599fbfdfafe638607841c7d73719081\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/86c2825791c3836a8f77a954b9c5ebe6fab410c5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/aa5073ac1a2a274812f3b04c278992e68ff67cc7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bf83ae3537359af088d6577812ed93113dfbcb7b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…