CVE-2025-39694 – This CVE-2025-39694 is a NULL pointer dereferen... (How to Fix)

Q: What is the severity of CVE-2025-39694?

CVE-2025-39694 has a CVSS score of 5.5 (MEDIUM). This CVE-2025-39694 is a NULL pointer dereference vulnerability in the Linux kernel's SCLP (Service Call Logical Processor) subsystem on s390 architecture. It allows potential access to the first page of kernel identity mapping when the kernel identity mapping doesn't start at address zero. This affects Linux systems running on IBM s390/s390x architecture.

📋 TL;DR

This CVE-2025-39694 is a NULL pointer dereference vulnerability in the Linux kernel's SCLP (Service Call Logical Processor) subsystem on s390 architecture. It allows potential access to the first page of kernel identity mapping when the kernel identity mapping doesn't start at address zero. This affects Linux systems running on IBM s390/s390x architecture.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not explicitly stated in CVE description, but references indicate stable kernel patches.

Operating Systems: Linux distributions running on IBM s390/s390x architecture

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems where kernel identity mapping doesn't start at address zero on s390 architecture.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel crash or potential information disclosure from kernel memory, possibly leading to denial of service or limited information leakage.

🟠

Likely Case

Kernel panic or system crash resulting in denial of service, requiring system reboot.

🟢

If Mitigated

No impact if the kernel identity mapping starts at address zero or the system is not s390 architecture.

🌐 Internet-Facing: LOW - Requires local access and s390 architecture.

🏢 Internal Only: MEDIUM - Local attackers on s390 systems could cause denial of service.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and specific s390 architecture conditions. Exploitation depends on kernel identity mapping configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel versions referenced in git commits

Vendor Advisory: https://git.kernel.org/stable/c/430fa71027b6ac9bb0ce5532b8d0676777d4219a

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

No known workarounds

all

This is a kernel-level bug requiring patching

🧯 If You Can't Patch

Restrict local user access to s390 systems
Monitor for kernel panic/crash events and investigate root causes

🔍 How to Verify

Check if Vulnerable:

Check kernel version and architecture: uname -a should show s390/s390x and kernel version before patches

Check Version:

uname -a

Verify Fix Applied:

Verify kernel version is updated to patched version and system architecture

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
SCLP subsystem errors in dmesg
System crash/reboot events

Network Indicators:

None - local vulnerability only

SIEM Query:

search 'kernel panic' OR 'SCLP' OR 'NULL pointer dereference' in system logs

📊 Metadata

CVE ID: CVE-2025-39694

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.02% exploit probability (2.6th percentile)

Published: September 5, 2025

Last Updated: January 7, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-39694, you might also want to check these: