CVE-2025-39694

Published: 05 Sep 2025
Source: redhat
CVSS3: 7

Description

In the Linux kernel, the following vulnerability has been resolved:

s390/sclp: Fix SCCB present check

Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtual address translation.

If the kernel identity mapping does not start at address zero, the resulting virtual address is never zero, so that the NULL checks won't work. Subsequently this may result in incorrect accesses to the first page of the identity mapping.

Fix this by introducing a function that handles the NULL case before address translation.

Report

This vulnerability does not affect Red Hat Enterprise Linux versions 9.4 and prior. On s390, the SCLP interrupt tracing path translated the SCCB interrupt address to a virtual address before checking for NULL. If the kernel’s identity mapping does not start at 0, the post-translation pointer is never zero, so the NULL check fails and the code may touch the first page of the identity map, leading to a kernel crash. This issue is specific to the s390 architecture and does not affect other platforms.
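The ordering problem described above, shown as a user-space model. This is an added example, not the kernel's code or the upstream patch; every name in it (`model_phys_to_virt`, `sccb_present_flawed`, `sccb_to_virt_checked`, `identity_base`) is hypothetical, and a small array stands in for physical memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a small array stands in for physical memory, and the
 * identity mapping starts at a non-zero virtual address (identity_base). */
static unsigned char phys_mem[4 * 4096];
static uintptr_t identity_base;

static void model_init(void)
{
    identity_base = (uintptr_t)phys_mem;
}

/* Plain physical-to-virtual translation, no special case for address 0. */
static void *model_phys_to_virt(uint32_t phys)
{
    return (void *)(identity_base + phys);
}

/* Flawed order: translate first, then test the result against NULL.
 * With a non-zero identity_base the result is never NULL. */
static int sccb_present_flawed(uint32_t sccb_phys)
{
    return model_phys_to_virt(sccb_phys) != NULL;
}

/* Corrected order: treat physical address 0 as "no SCCB" before translating. */
static void *sccb_to_virt_checked(uint32_t sccb_phys)
{
    if (sccb_phys == 0)
        return NULL;
    return model_phys_to_virt(sccb_phys);
}

static int sccb_present_fixed(uint32_t sccb_phys)
{
    return sccb_to_virt_checked(sccb_phys) != NULL;
}

int main(void)
{
    model_init();
    printf("interrupt without SCCB: flawed=%d fixed=%d\n",
           sccb_present_flawed(0), sccb_present_fixed(0));
    printf("interrupt with SCCB at 0x1000: fixed=%d\n",
           sccb_present_fixed(0x1000));
    return 0;
}
```

In the flawed variant an interrupt with no SCCB is reported as present, so a caller would go on to read the first page of the mapping.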

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Affected | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | | |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:16398 | 23.09.2025 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:16398 | 23.09.2025 |

Additional information

Status: Moderate
Defect: CWE-1285
https://bugzilla.redhat.com/show_bug.cgi?id=2393534 kernel: s390/sclp: Fix SCCB present check

CVSS3: 7 High

Related vulnerabilities

ubuntu
27 days ago

In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtual address translation. If the kernel identity mapping does not start at address zero, the resulting virtual address is never zero, so that the NULL checks won't work. Subsequently this may result in incorrect accesses to the first page of the identity mapping. Fix this by introducing a function that handles the NULL case before address translation.

nvd
27 days ago

In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtual address translation. If the kernel identity mapping does not start at address zero, the resulting virtual address is never zero, so that the NULL checks won't work. Subsequently this may result in incorrect accesses to the first page of the identity mapping. Fix this by introducing a function that handles the NULL case before address translation.

msrc
25 days ago

s390/sclp: Fix SCCB present check

debian
27 days ago

In the Linux kernel, the following vulnerability has been resolved: s ...

github
27 days ago

In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtual address translation. If the kernel identity mapping does not start at address zero, the resulting virtual address is never zero, so that the NULL checks won't work. Subsequently this may result in incorrect accesses to the first page of the identity mapping. Fix this by introducing a function that handles the NULL case before address translation.