CVE-2025-38257
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38257
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38257.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38257
- Downstream
- Related
- Published
- 2025-07-09T10:42:34.395Z
- Modified
- 2025-11-28T02:34:16.906583Z
- Summary
- s390/pkey: Prevent overflow in size calculation for memdup_user()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Prevent overflow in size calculation for memdup_user()
Number of apqn target list entries contained in 'nrapqns' variable is determined by userspace via an ioctl call so the result of the product in calculation of size passed to memdupuser() may overflow.
In this case the actual size of the allocated area and the value describing it won't be in sync leading to various types of unpredictable behaviour later.
Use a proper memduparrayuser() helper which returns an error if an overflow is detected. Note that it is different from when nrapqns is initially zero - that case is considered valid and should be handled in subsequent pkeyhandler implementations.
Found by Linux Verification Center (linuxtesting.org).
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38257.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/73483ca7e07a5e39bdf612eec9d3d293e8bef649
- https://git.kernel.org/stable/c/7360ee47599af91a1d5f4e74d635d9408a54e489
- https://git.kernel.org/stable/c/88f3869649edbc4a13f6c2877091f81cd5a50f05
- https://git.kernel.org/stable/c/ad1bdd24a02d5a8d119af8e4cd50933780a6d29f
- https://git.kernel.org/stable/c/f855b119e62b004a5044ed565f2a2b368c4d3f16
- https://git.kernel.org/stable/c/faa1ab4a23c42e34dc000ef4977b751d94d5148c
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38257.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-38257
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553dFixedad1bdd24a02d5a8d119af8e4cd50933780a6d29fFixedfaa1ab4a23c42e34dc000ef4977b751d94d5148cFixed88f3869649edbc4a13f6c2877091f81cd5a50f05Fixedf855b119e62b004a5044ed565f2a2b368c4d3f16Fixed73483ca7e07a5e39bdf612eec9d3d293e8bef649Fixed7360ee47599af91a1d5f4e74d635d9408a54e489