{ "threat_severity" : "Moderate", "public_date" : "2025-09-05T00:00:00Z", "bugzilla" : { "description" : "kernel: s390/sclp: Fix SCCB present check", "id" : "2393534", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2393534" }, "cvss3" : { "cvss3_base_score" : "7.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-1285", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ns390/sclp: Fix SCCB present check\nTracing code called by the SCLP interrupt handler contains early exits\nif the SCCB address associated with an interrupt is NULL. This check is\nperformed after physical to virtual address translation.\nIf the kernel identity mapping does not start at address zero, the\nresulting virtual address is never zero, so that the NULL checks won't\nwork. Subsequently this may result in incorrect accesses to the first\npage of the identity mapping.\nFix this by introducing a function that handles the NULL case before\naddress translation." ], "statement" : "This vulnerability does not affect Red Hat Enterprise Linux versions 9.4 and prior.\nOn s390, the SCLP interrupt tracing path translated the SCCB interrupt address to a virtual address before checking for NULL. If the kernel’s identity mapping does not start at 0, the post-translation pointer is never zero, so the NULL check fails and the code may touch the first page of the identity map, leading to a kernel crash.\nThis issue is specific to the s390 architecture and does not affect other platforms.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-09-29T00:00:00Z", "advisory" : "RHSA-2025:16904", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "kernel-0:6.12.0-55.37.1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16398", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.46.1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16398", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.46.1.el9_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-39694\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-39694\nhttps://lore.kernel.org/linux-cve-announce/2025090547-CVE-2025-39694-de23@gregkh/T" ], "name" : "CVE-2025-39694", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }