IOMMU Vulnerability in Linux Kernel Affecting s390 Hypervisor Operations
CVE-2025-39958

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 October 2025

What is CVE-2025-39958?

A vulnerability exists in the Linux kernel where the IOMMU subsystem does not properly handle surprise removal of PCI devices. When such devices are removed unexpectedly, attempts to attach them to the default domain can fail, leading to potential operational disruptions in the hypervisor environment. This situation can result in invalid device handles being processed, causing errors in DMA operations. By ensuring that the system proceeds as though the registration was successful, despite the removal, the vulnerability aims to enhance stability and error handling for s390 devices in hypervisor environments.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 359613f2fa009587154511e4842e8ab9532edd15

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9ffaf5229055fcfbb3b3d6f1c7e58d63715c3f73

Linux 6.16.9 <= 6.16.*

References

https://git.kernel.org/stable/c/359613f2fa009587154511e48...

https://git.kernel.org/stable/c/9ffaf5229055fcfbb3b3d6f1c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON