CVE-2025-39939

zpcigetiommuctrs() returns counter information to be reported as part of device statistics; these counters are stored as part of the s390domain. The problem, however, is that the identity domain is not backed by an s390domain and so the conversion via tos390_domain() yields a bad address that is zero'd initially and read on-demand later via a sysfs read. These counters aren't necessary for the identity domain; just return NULL in this case.

This issue was discovered via KASAN with reports that look like: BUG: KASAN: global-out-of-bounds in zpcifmbenable_device when using the identity domain for a device on s390.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39939.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

64af12c6ec3afd7d44bc8b2044eee59f98059087

Fixed

17a58caf3863163c4a84a218a9649be2c8061443

Fixed

b3506e9bcc777ed6af2ab631c86a9990ed97b474

Affected versions

v6.*

v6.14

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.16

v6.16-rc1

v6.16-rc2

v6.16-rc3

v6.16-rc4

v6.16-rc5

v6.16-rc6

v6.16-rc7

v6.16.1

v6.16.2

v6.16.3

v6.16.4

v6.16.5

v6.16.6

v6.16.7

v6.16.8

v6.17-rc1

v6.17-rc2

v6.17-rc3

v6.17-rc4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39939.json"