CVE-2025-39939
📋 TL;DR
A memory corruption vulnerability in the Linux kernel's s390 IOMMU subsystem allows reading from or writing to arbitrary memory locations when using identity domains. This affects Linux systems running on IBM Z/s390 architecture. The vulnerability can lead to system crashes, data corruption, or potential privilege escalation.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to system crash, data loss, or potential privilege escalation to kernel mode.
Likely Case
System instability, crashes, or denial of service when accessing device statistics via sysfs.
If Mitigated
Limited impact if identity domains are not used or systems are patched.
🎯 Exploit Status
Requires local access and knowledge of system configuration. Discovered via KASAN testing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches via git commits 17a58caf3863163c4a84a218a9649be2c8061443 and b3506e9bcc777ed6af2ab631c86a9990ed97b474
Vendor Advisory: https://git.kernel.org/stable/c/17a58caf3863163c4a84a218a9649be2c8061443
Restart Required: Yes
Instructions:
1. Update to patched kernel version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify patch is applied.
🔧 Temporary Workarounds
Disable identity domains
Avoid using identity domains for devices on s390 systems if possible.
🧯 If You Can't Patch
- Restrict access to sysfs device statistics to trusted users only
- Monitor systems for KASAN reports or kernel panics related to zpci_fmb_enable_device
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether the system runs on s390 architecture with IOMMU enabled. Look for KASAN reports mentioning zpci_fmb_enable_device.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the git commit fixes. Check dmesg for absence of KASAN reports related to this function.
📡 Detection & Monitoring
Log Indicators:
- KASAN reports in dmesg/kernel logs
- Kernel panics or oops messages
- System crashes when accessing device statistics
SIEM Query:
source="kernel" AND ("KASAN" OR "zpci_fmb_enable_device" OR "global-out-of-bounds")
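The OR query above also returns every unrelated KASAN report. The shell functions below are an added example, not part of the advisory or the kernel project, and count only KASAN report headers that name zpci_fmb_enable_device. The sample log lines are constructed, and the names sample_klog, count_kasan, triage and some_other_function are hypothetical.

```shell
#!/bin/sh
# Added example. Usage on a live system: dmesg | triage

# Constructed sample kernel log, not captured from a real system.
sample_klog() {
cat <<'EOF'
[  212.345678] BUG: KASAN: global-out-of-bounds in zpci_fmb_enable_device+0x1a2/0x3f0
[  212.345700] Read of size 8 at addr 0000000012345678 by task cat/1234
[  212.345900] Call Trace:
[  212.345910]  zpci_fmb_enable_device+0x1a2/0x3f0
[  300.000000] BUG: KASAN: slab-out-of-bounds in some_other_function+0x10/0x80
EOF
}

# Read kernel log text on stdin and print "cve_hits=N other_kasan=M".
# cve_hits: KASAN report headers that name zpci_fmb_enable_device.
# other_kasan: KASAN headers for other functions, which the broad OR
# query would also match. Call-trace lines are not counted twice.
count_kasan() {
    awk '
        /BUG: KASAN:/ {
            if (index($0, "in zpci_fmb_enable_device+") > 0) hits++
            else other++
        }
        END { printf "cve_hits=%d other_kasan=%d\n", hits, other }
    '
}

# $1 = machine string; defaults to `uname -m` (s390x on 64-bit IBM Z).
# "no-indicator" only means no matching report was logged; it does not
# show that the kernel is patched.
triage() {
    arch=${1:-$(uname -m)}
    case $arch in
        s390|s390x) ;;
        *) echo "not-applicable"; return 0 ;;
    esac
    result=$(count_kasan)
    case $result in
        "cve_hits=0 "*) echo "no-indicator $result" ;;
        *) echo "investigate $result" ;;
    esac
}
```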