CVE-2025-38733

EUVD-2025-31556

05.09.2025, 18:15

In the Linux kernel, the following vulnerability has been resolved:

s390/mm: Do not map lowcore with identity mapping

Since the identity mapping is pinned to address zero the lowcore is always
also mapped to address zero, this happens regardless of the relocate_lowcore
command line option. If the option is specified the lowcore is mapped
twice, instead of only once.

This means that NULL pointer accesses will succeed instead of causing an
exception (low address protection still applies, but covers only parts).
To fix this never map the first two pages of physical memory with the
identity mapping.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	6.10.11 ≤ 𝑥 < 6.11
linux	linux_kernel	6.11.1 ≤ 𝑥 < 6.12.44
linux	linux_kernel	6.13 ≤ 𝑥 < 6.16.4
linux	linux_kernel	6.11
linux	linux_kernel	6.11:rc5
linux	linux_kernel	6.11:rc6
linux	linux_kernel	6.11:rc7
linux	linux_kernel	6.17:rc1
linux	linux_kernel	6.17:rc2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.159-1 not-affected
bookworm (security)	6.1.162-1 fixed
bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.249-1 fixed
forky	6.18.15-1 fixed
sid	6.18.15-1 fixed
trixie	6.12.63-1 fixed
trixie (security)	6.12.73-1 fixed

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://git.kernel.org/stable/c/1d7864acd497cb468a998d44631f84896f885e85

https://git.kernel.org/stable/c/30bf5728bb217a6d1ba73f44094c9b9c6bc9a567

https://git.kernel.org/stable/c/93f616ff870a1fb7e84d472cad0af651b18f9f87