CVE-2025-39939

Published: Oct 4, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fix memory corruption when using identity domain zpci_get_iommu_ctrs() returns counter information to be reported as part of device statistics; these counters are stored as part of the s390_domain. The problem, however, is that the identity domain is not backed by an s390_domain and so the conversion via to_s390_domain() yields a bad address that is zero'd initially and read on-demand later via a sysfs read. These counters aren't necessary for the identity domain; just return NULL in this case. This issue was discovered via KASAN with reports that look like: BUG: KASAN: global-out-of-bounds in zpci_fmb_enable_device when using the identity domain for a device on s390.

Vendor	Product	Versions
Linux	Linux	affected `64af12c6ec3afd7d44bc8b2044eee59f98059087 - < 17a58caf3863163c4a84a218a9649be2c8061443` affected `64af12c6ec3afd7d44bc8b2044eee59f98059087 - < b3506e9bcc777ed6af2ab631c86a9990ed97b474`
Linux	Linux	affected `6.15` unaffected `0 - < 6.15` unaffected `6.16.9 - <= 6.16.` unaffected `6.17 - <= `

References

https://git.kernel.org/stable/c/17a58caf3863163c4a84a218a9649be2c8061443

https://git.kernel.org/stable/c/b3506e9bcc777ed6af2ab631c86a9990ed97b474

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-39939

Description

Affected Products

References