CVE-2025-37946
📋 TL;DR
A double-free vulnerability in the Linux kernel's s390 PCI subsystem could lead to use-after-free conditions when disabling PCI slots with child virtual functions. This affects Linux systems running on IBM Z/s390 architecture with PCI passthrough enabled. Attackers could potentially crash the kernel or execute arbitrary code with kernel privileges.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or privilege escalation allowing full system compromise via arbitrary code execution in kernel context.
Likely Case
System instability, kernel crashes, or denial of service affecting PCI device functionality on s390 systems.
If Mitigated
Limited impact if systems don't use PCI passthrough or aren't on s390 architecture; proper access controls limit exploitation vectors.
🎯 Exploit Status
Exploitation requires local access and specific s390 PCI configuration. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in stable kernel releases via commits 05a2538f2b48500cf4e8a0a0ce76623cc5bafcf1, 957529baef142d95e0d1b1bea786675bd47dbe53, c488f8b53e156d6dcc0514ef0afa3a33376b8f9e
Vendor Advisory: https://git.kernel.org/stable/c/05a2538f2b48500cf4e8a0a0ce76623cc5bafcf1
Restart Required: Yes
Instructions:
1. Update to latest stable kernel version from your distribution. 2. For s390 systems: ensure kernel includes fix commits. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable PCI passthrough
linuxPrevent use of PCI virtual functions on s390 systems
echo 0 > /sys/bus/pci/devices/*/sriov_numvfs
🧯 If You Can't Patch
- Restrict local user access to systems with s390 PCI configuration
- Monitor for kernel panic logs and system instability on s390 systems
🔍 How to Verify
Check if Vulnerable:
Check kernel version and architecture: uname -r and uname -m. If s390 architecture and kernel version between affected commits, system may be vulnerable.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: grep -q '05a2538f2b48500cf4e8a0a0ce76623cc5bafcf1\|957529baef142d95e0d1b1bea786675bd47dbe53\|c488f8b53e156d6dcc0514ef0afa3a33376b8f9e' /proc/version📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- PCI subsystem errors in dmesg
- Use-after-free warnings in kernel logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("panic" OR "use-after-free" OR "pci_dev_put")