Null Pointer Dereference Vulnerability in Linux Kernel's s390/sclp Console Initialization
CVE-2025-37883

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 May 2025

Summary

A vulnerability in the Linux kernel related to the s390/sclp console initialization has been identified, which could potentially lead to a null pointer dereference. This issue arises from a lack of checks on the return value of the get_zeroed_page() function within sclp_console_init(). To mitigate this, a proper validation mechanism has been introduced in the code to prevent crashes caused by null references. Additionally, a memory leak previously triggered by the loop allocation has been addressed with a new memory management helper function, ensuring that unused memory is appropriately released.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 397254706eba9d8f99fd237feede7ab3169a7f9a

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 28e5a867aa542e369e211c2baba7044228809a99

References

https://git.kernel.org/stable/c/e1e00dc45648125ef7cb87ebc...

https://git.kernel.org/stable/c/397254706eba9d8f99fd237fe...

https://git.kernel.org/stable/c/28e5a867aa542e369e211c2ba...

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
Apr 16, 2025