Linux Kernel s390/pci Device Addition Error Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's s390/pci subsystem has been addressed. The issue arose because the zpci_create_device() function returns an error pointer that must be checked before it is used as a struct zpci_dev pointer. The missing error check was added in the __clp_add() function, where the device was not properly added to the scan list. This omission could lead to the device being incorrectly managed, allowing for potential exploitation or instability.

Impact

The vulnerability could cause improper device management in the s390/pci subsystem, potentially leading to system instability or exploitation.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel s390/pci Device Addition Error Handling Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating