SCLP Interrupt Handler Vulnerability in Linux Kernel by IBM
CVE-2025-39694

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-39694?

A vulnerability exists in the Linux kernel's handling of the SCLP interrupt, where the tracing code allows for potential improper access due to ineffective NULL checks. This issue arises when the SCCB address associated with an interrupt is NULL and the kernel's identity mapping does not start at address zero. Consequently, the virtual address checks may fail, leading to unintended access to memory. A fix has been implemented to introduce a method that addresses NULL cases prior to translating physical addresses, mitigating risks of incorrect memory access.

Affected Version(s)

Linux ada1da31ce34248bc97ca8f801f2cf6efa378a81

Linux ada1da31ce34248bc97ca8f801f2cf6efa378a81 < 86c2825791c3836a8f77a954b9c5ebe6fab410c5

Linux ada1da31ce34248bc97ca8f801f2cf6efa378a81 < 61605c847599fbfdfafe638607841c7d73719081

References

https://git.kernel.org/stable/c/aa5073ac1a2a274812f3b04c2...

https://git.kernel.org/stable/c/86c2825791c3836a8f77a954b...

https://git.kernel.org/stable/c/61605c847599fbfdfafe63860...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Apr 16, 2025