Linux Kernel KVM: s390/diag Racy Access Vulnerability in Diag 9c Handler

Vulnerability

A vulnerability exists in the Linux kernel's KVM module for the s390 architecture, specifically within the diag 9c handler. The handler reads the target vCPU's physical CPU number, checks it, and then reads it again when using it; because the value can change between the check and the use (a time-of-check/time-of-use race), the handler may index per-CPU arrays with a value that was never validated, leading to out-of-bounds accesses. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability could cause out-of-bounds accesses to CPU arrays, potentially leading to memory corruption or other unintended behavior.

Reproduction

The vulnerability can be reproduced by using the KVM module on an s390 system and invoking the diag 9c (directed yield) forwarding feature. The race window opens between the check of the target CPU number and its actual use: the target vCPU can be descheduled or migrated in between, so the value used no longer matches the value that was checked, resulting in a racy access.
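The check-then-use pattern described above, and the usual fix (read the field exactly once into a local and check and use that copy), as an added illustration in C. This is a hypothetical model written for this page, not the kernel's diag 9c code: the `struct vcpu`, `READ_ONCE_INT`, the `interleave_fn` hook that stands in for the scheduler, and the sample values are all assumptions.

```c
#define NR_PCPUS 4

/* Hypothetical stand-in for a target vCPU: cpu is the physical CPU it is
 * currently running on, or -1 when it is not running (assumption). */
struct vcpu {
    int cpu;
};

/* Models a kernel READ_ONCE(): a single load the compiler may not split or repeat. */
#define READ_ONCE_INT(x) (*(volatile int *)&(x))

/* What the handler would do with a per-physical-CPU array. */
enum outcome { SKIPPED, IN_BOUNDS, OUT_OF_BOUNDS };

/* Hook standing in for the scheduler changing the target's state between the
 * handler's check and its use of the value. NULL means no interleaving. */
typedef void (*interleave_fn)(struct vcpu *tcpu);

/* Racy form: the field is read twice. *idx receives the index the handler would use. */
static enum outcome yield_target_racy(struct vcpu *tcpu, interleave_fn race, int *idx)
{
    if (tcpu->cpu < 0)              /* first read: target appears to be running */
        return SKIPPED;
    if (race)
        race(tcpu);                 /* target is descheduled: cpu becomes -1 */
    *idx = tcpu->cpu;               /* second read: no longer the value that was checked */
    return (*idx >= 0 && *idx < NR_PCPUS) ? IN_BOUNDS : OUT_OF_BOUNDS;
}

/* Fixed form: snapshot once, then check and use the same local value. The snapshot
 * may be stale (the yield hint targets a CPU the vCPU just left), but it is always
 * a value that passed the check, so the array index stays in bounds. */
static enum outcome yield_target_fixed(struct vcpu *tcpu, interleave_fn race, int *idx)
{
    int cpu = READ_ONCE_INT(tcpu->cpu);
    if (cpu < 0)
        return SKIPPED;
    if (race)
        race(tcpu);                 /* same interleaving; the local copy is unaffected */
    *idx = cpu;
    return (*idx >= 0 && *idx < NR_PCPUS) ? IN_BOUNDS : OUT_OF_BOUNDS;
}

/* Constructed interleaving: the target stops running during the window. */
static void deschedule(struct vcpu *tcpu)
{
    tcpu->cpu = -1;
}
```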

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Sep 15, 2025, 6:06 PM
Updated: Sep 15, 2025, 6:06 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.