CVE-2025-38257
BaseFortify
Publication date: 2025-07-09
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | From 6.7 (inc) to 6.12.36 (inc) |
| debian | debian_linux | 11.0 |
| linux | linux_kernel | 3.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's s390 architecture involves an overflow in the size calculation for the memdup_user() function. The number of apqn target list entries ('nr_apqns') is provided by userspace via an ioctl call, and the multiplication used to calculate the size passed to memdup_user() can overflow. This causes a mismatch between the actual allocated memory size and the size value, leading to unpredictable behavior. The issue is fixed by using memdup_array_user(), which detects and returns an error on overflow.
How can this vulnerability impact me?
The overflow in size calculation can cause the kernel to allocate less memory than expected, leading to unpredictable behavior such as memory corruption, crashes, or potential security issues. This could affect system stability and security on affected Linux systems using the s390 architecture.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version where the vulnerability in s390/pkey related to memdup_user() overflow has been fixed. This involves applying the patch that uses the proper memdup_array_user() helper to prevent overflow. Until then, avoid using vulnerable ioctl calls that set nr_apqns from untrusted userspace inputs.
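The size overflow and the checked-multiplication fix described above, as an added user-space example (not kernel code and not from the original page). The struct layout, the function names and the entry count are assumptions constructed for illustration; `__builtin_mul_overflow` is the GCC/Clang builtin used here to model the overflow check that memdup_array_user() performs before copying.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 4-byte list entry standing in for an apqn target entry. */
struct apqn_entry { uint16_t card; uint16_t domain; };

/* Unchecked pattern: the product silently wraps modulo SIZE_MAX + 1. */
static size_t unchecked_size(size_t nr, size_t elem)
{
	return nr * elem;
}

/* Checked pattern: reject the request when nr * elem does not fit in size_t. */
static int checked_size(size_t nr, size_t elem, size_t *out)
{
	return __builtin_mul_overflow(nr, elem, out) ? -EOVERFLOW : 0;
}

/* User-space stand-in for the fixed copy path: fails with an error code
 * instead of duplicating a buffer that is smaller than nr entries. */
static void *dup_array(const void *src, size_t nr, size_t elem, int *err)
{
	size_t nbytes;
	void *p;

	*err = checked_size(nr, elem, &nbytes);
	if (*err)
		return NULL;
	p = malloc(nbytes ? nbytes : 1);
	if (!p) { *err = -ENOMEM; return NULL; }
	memcpy(p, src, nbytes);
	return p;
}

int main(void)
{
	size_t elem = sizeof(struct apqn_entry);
	size_t nr = SIZE_MAX / elem + 2;	/* constructed count whose product wraps */
	struct apqn_entry one = { 1, 2 };
	int err;

	printf("unchecked: %zu entries -> %zu bytes\n", nr, unchecked_size(nr, elem));
	printf("checked:   ptr=%p err=%d\n", dup_array(&one, nr, elem, &err), err);
	return 0;
}
```

With the unchecked product, the caller would receive a buffer sized for a single entry while still believing it holds `nr` of them; the checked path returns -EOVERFLOW before any allocation happens.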