CVE-2025-37946
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-37946
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37946.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-37946
- Downstream
- Related
- Published
- 2025-05-20T16:01:43Z
- Modified
- 2025-10-22T10:47:17.057763Z
- Summary
- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
s390/pci: Fix duplicate pcidevput() in disable_slot() when PF has child VFs
With commit bcb5d6c76903 ("s390/pci: introduce lock to synchronize state of zpcidev's") the code to ignore power off of a PF that has child VFs was changed from a direct return to a goto to the unlock and pcidevput() section. The change however left the existing pcidevput() untouched resulting in a doubple put. This can subsequently cause a use after free if the struct pcidev is released in an unexpected state. Fix this by removing the extra pcidevput().
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbcb5d6c769039c8358a2359e7c3ea5d97ce93108Fixedc488f8b53e156d6dcc0514ef0afa3a33376b8f9e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbcb5d6c769039c8358a2359e7c3ea5d97ce93108Fixed957529baef142d95e0d1b1bea786675bd47dbe53
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbcb5d6c769039c8358a2359e7c3ea5d97ce93108Fixed05a2538f2b48500cf4e8a0a0ce76623cc5bafcf1
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.14.3
v6.14.4
v6.14.5
v6.14.6
v6.15-rc1
v6.15-rc2
v6.8
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c488f8b53e156d6dcc0514ef0afa3a33376b8f9e",
"target": {
"file": "drivers/pci/hotplug/s390_pci_hpc.c"
},
"id": "CVE-2025-37946-337ab1c0",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"293644342002604019588427643727765345492",
"245381687783599155176656142458401375631",
"142857359356335908671614129950725298445",
"54997307717174352846788836512676908142"
],
"threshold": 0.9
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@957529baef142d95e0d1b1bea786675bd47dbe53",
"target": {
"file": "drivers/pci/hotplug/s390_pci_hpc.c"
},
"id": "CVE-2025-37946-39cce25b",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"293644342002604019588427643727765345492",
"245381687783599155176656142458401375631",
"142857359356335908671614129950725298445",
"54997307717174352846788836512676908142"
],
"threshold": 0.9
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05a2538f2b48500cf4e8a0a0ce76623cc5bafcf1",
"target": {
"function": "disable_slot",
"file": "drivers/pci/hotplug/s390_pci_hpc.c"
},
"id": "CVE-2025-37946-8b76c953",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "318510390878924406458770992963303617462",
"length": 515.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c488f8b53e156d6dcc0514ef0afa3a33376b8f9e",
"target": {
"function": "disable_slot",
"file": "drivers/pci/hotplug/s390_pci_hpc.c"
},
"id": "CVE-2025-37946-bb735df1",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "318510390878924406458770992963303617462",
"length": 515.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05a2538f2b48500cf4e8a0a0ce76623cc5bafcf1",
"target": {
"file": "drivers/pci/hotplug/s390_pci_hpc.c"
},
"id": "CVE-2025-37946-bfd9ecfc",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"293644342002604019588427643727765345492",
"245381687783599155176656142458401375631",
"142857359356335908671614129950725298445",
"54997307717174352846788836512676908142"
],
"threshold": 0.9
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@957529baef142d95e0d1b1bea786675bd47dbe53",
"target": {
"function": "disable_slot",
"file": "drivers/pci/hotplug/s390_pci_hpc.c"
},
"id": "CVE-2025-37946-ca3251c7",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "318510390878924406458770992963303617462",
"length": 515.0
}
}
]