Linux Kernel Vulnerability in s390/pci Affects Device Creation
CVE-2025-37974

Currently unrated

Key Information:

  • Vendor: Linux

  • CVE Published: 20 May 2025

What is CVE-2025-37974?

A vulnerability has been identified in the Linux kernel's s390/pci subsystem, in the code that calls the zpci_create_device() function. The flaw is a missing check: the caller does not verify that the function returned a valid pointer before dereferencing it. Without this check, device entries within the scan_list can be handled improperly, risking undefined behavior and potential system instability. Adding the check ensures robust device management and prevents potential exploit scenarios.
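The checked-caller pattern described above, as an added user-space example that is not the kernel's code. It assumes the creation function reports failure with the kernel's ERR_PTR convention (an errno encoded in the pointer, not NULL); `model_dev`, `model_create_device()` and `model_add_to_scan_list()` are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* User-space copy of the kernel's error-pointer idiom (include/linux/err.h):
 * a negative errno is stored in the top 4095 values of the address space. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct model_dev {              /* hypothetical stand-in for a device entry */
    unsigned int fid;
    struct model_dev *next;     /* link on the scan list */
};

/* Hypothetical stand-in for zpci_create_device(). Assumption: on failure it
 * returns an encoded errno, never NULL. `fail` forces the error path. */
static struct model_dev *model_create_device(unsigned int fid, int fail)
{
    struct model_dev *d = fail ? NULL : calloc(1, sizeof(*d));
    if (!d)
        return ERR_PTR(-ENOMEM);
    d->fid = fid;
    return d;
}

/* Checked caller: validate the pointer before it is dereferenced or queued.
 * Returns 0 or a negative errno; the list is left untouched on failure. */
static int model_add_to_scan_list(struct model_dev **scan_list,
                                  unsigned int fid, int fail)
{
    struct model_dev *d = model_create_device(fid, fail);

    if (IS_ERR(d))              /* a plain NULL test would miss this value */
        return (int)PTR_ERR(d);
    d->next = *scan_list;       /* safe: d is a real object here */
    *scan_list = d;
    return 0;
}

static int scan_list_len(const struct model_dev *l)
{
    int n = 0;
    for (; l; l = l->next)
        n++;
    return n;
}
```

Without the `IS_ERR()` test, the write to `d->next` would go through the encoded errno value, and that value would then be linked into the list for later walkers to follow.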

Affected Version(s)

Linux 1f3b309108fd0660ea8614a72328ba866ccd3378

Linux 0467cdde8c4320bbfdb31a8cff1277b202f677fc < 2769b718e164df983c20c314b263a71a699be6cd

Linux 0467cdde8c4320bbfdb31a8cff1277b202f677fc < 42420c50c68f3e95e90de2479464f420602229fc

Timeline

  • Vulnerability published

  • Vulnerability Reserved
