CVE-2025-38257
📋 TL;DR
A vulnerability in the Linux kernel's s390/pkey subsystem allows an integer overflow when the memory allocation size for an APQN target list is calculated. This can lead to heap memory corruption when userspace supplies malicious input via ioctl calls. Systems running affected Linux kernel versions on the s390 architecture are vulnerable.
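As an added illustration (not the kernel's code and not taken from the referenced commits), the following C shows the unchecked size calculation the TL;DR describes beside the overflow-checked form that memdup_array_user() provides; it assumes 32-bit size arithmetic and uses a constructed 4-byte stand-in struct for an APQN target-list entry.

```c
/* Added illustration, not the kernel's code: the unchecked element-count
 * multiplication the TL;DR describes, beside the overflow-checked form
 * that memdup_array_user() provides. Assumes 32-bit size arithmetic and a
 * constructed 4-byte stand-in for an APQN target-list entry. */
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in entry: a card/domain pair, 4 bytes in total. */
struct apqn_entry { uint16_t card; uint16_t domain; };

/* Vulnerable pattern: a userspace-controlled count is multiplied in 32-bit
 * arithmetic, so a large count wraps and the allocation comes out tiny
 * while the count later used to fill it stays large. */
uint32_t unchecked_size(uint32_t nr_apqns)
{
    return nr_apqns * (uint32_t)sizeof(struct apqn_entry);
}

/* Hardened pattern: reject counts whose byte size does not fit instead of
 * silently wrapping. __builtin_mul_overflow is a GCC/Clang builtin; the
 * kernel's check_mul_overflow(), used by memdup_array_user(), does the same.
 * Returns the byte size, or -1 when the product overflows. */
int64_t checked_size(uint32_t nr_apqns)
{
    uint32_t bytes;
    if (__builtin_mul_overflow(nr_apqns, (uint32_t)sizeof(struct apqn_entry), &bytes))
        return -1;               /* a caller would return -EOVERFLOW to userspace */
    return bytes;
}

int main(void)
{
    /* Constructed counts: a sane one, and one whose product wraps past 2^32. */
    const uint32_t counts[] = { 16, 0x40000001u };
    for (int i = 0; i < 2; i++) {
        uint32_t c = counts[i];
        int64_t ok = checked_size(c);
        printf("nr_apqns=%u: unchecked=%u bytes, checked=%s\n", c,
               unchecked_size(c), ok < 0 ? "rejected (overflow)" : "accepted");
    }
    return 0;
}
```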
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to privilege escalation, denial of service, or arbitrary code execution in kernel context.
Likely Case
Kernel panic or system crash causing denial of service.
If Mitigated
Limited impact if proper access controls restrict ioctl calls to privileged users only.
🎯 Exploit Status
Exploitation requires local access and ability to make specific ioctl calls. The vulnerability was found through code analysis rather than active exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits referenced in CVE)
Vendor Advisory: https://git.kernel.org/stable/c/73483ca7e07a5e39bdf612eec9d3d293e8bef649
Restart Required: Yes
Instructions:
1. Update to a patched Linux kernel version from your distribution vendor.
2. For custom kernels, apply the fix from the stable kernel tree.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Restrict ioctl access
Limit access to the vulnerable ioctl interface using SELinux, AppArmor, or capability restrictions.
# Example using capabilities: setcap -r /path/to/vulnerable-binary
# Use SELinux/AppArmor to restrict ioctl access to specific processes
🧯 If You Can't Patch
- Implement strict access controls to prevent unprivileged users from making ioctl calls to the pkey subsystem.
- Monitor system logs for kernel panics or unusual memory allocation patterns related to the pkey subsystem.
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and architecture with uname -r and uname -m. If the architecture is s390/s390x and the kernel version predates the fix, the system may be vulnerable.
Check Version:
uname -r
Verify Fix Applied:
Confirm the running kernel contains the fix commits: compare uname -r against the fixed version listed in your distribution's advisory, or check the kernel package changelog for CVE-2025-38257. Grepping /proc/kallsyms for 'pkey.*memdup_array_user' is not a reliable check: memdup_array_user() is an inline helper, so it does not appear as a symbol, and the pattern would never match.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- OOM killer activity related to pkey subsystem
- System crashes or unexpected reboots
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "BUG") AND "pkey"
🔗 References
- https://git.kernel.org/stable/c/73483ca7e07a5e39bdf612eec9d3d293e8bef649
- https://git.kernel.org/stable/c/7360ee47599af91a1d5f4e74d635d9408a54e489
- https://git.kernel.org/stable/c/88f3869649edbc4a13f6c2877091f81cd5a50f05
- https://git.kernel.org/stable/c/ad1bdd24a02d5a8d119af8e4cd50933780a6d29f
- https://git.kernel.org/stable/c/f855b119e62b004a5044ed565f2a2b368c4d3f16
- https://git.kernel.org/stable/c/faa1ab4a23c42e34dc000ef4977b751d94d5148c
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html