{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38733", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.033Z", "datePublished": "2025-09-05T17:20:33.075Z", "dateUpdated": "2025-09-05T17:20:33.075Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-05T17:20:33.075Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Do not map lowcore with identity mapping\n\nSince the identity mapping is pinned to address zero the lowcore is always\nalso mapped to address zero, this happens regardless of the relocate_lowcore\ncommand line option. If the option is specified the lowcore is mapped\ntwice, instead of only once.\n\nThis means that NULL pointer accesses will succeed instead of causing an\nexception (low address protection still applies, but covers only parts).\nTo fix this never map the first two pages of physical memory with the\nidentity mapping."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/s390/boot/vmem.c"], "versions": [{"version": "32db401965f165f7c44447d0508097f070c8f576", "lessThan": "30bf5728bb217a6d1ba73f44094c9b9c6bc9a567", "status": "affected", "versionType": "git"}, {"version": "32db401965f165f7c44447d0508097f070c8f576", "lessThan": "1d7864acd497cb468a998d44631f84896f885e85", "status": "affected", "versionType": "git"}, {"version": "32db401965f165f7c44447d0508097f070c8f576", "lessThan": "93f616ff870a1fb7e84d472cad0af651b18f9f87", "status": "affected", "versionType": "git"}, {"version": "0b99d0e17d6a73a0526f92bc6b54b2b95e67a31d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/s390/boot/vmem.c"], "versions": [{"version": "6.11", "status": "affected"}, {"version": "0", "lessThan": "6.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.44", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.4", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.12.44"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.16.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.17-rc3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/30bf5728bb217a6d1ba73f44094c9b9c6bc9a567"}, {"url": "https://git.kernel.org/stable/c/1d7864acd497cb468a998d44631f84896f885e85"}, {"url": "https://git.kernel.org/stable/c/93f616ff870a1fb7e84d472cad0af651b18f9f87"}], "title": "s390/mm: Do not map lowcore with identity mapping", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Do not map lowcore with identity mapping\n\nSince the identity mapping is pinned to address zero the lowcore is always\nalso mapped to address zero, this happens regardless of the relocate_lowcore\ncommand line option. If the option is specified the lowcore is mapped\ntwice, instead of only once.\n\nThis means that NULL pointer accesses will succeed instead of causing an\nexception (low address protection still applies, but covers only parts).\nTo fix this never map the first two pages of physical memory with the\nidentity mapping."}], "id": "CVE-2025-38733", "lastModified": "2025-09-08T16:25:59.157", "metrics": {}, "published": "2025-09-05T18:15:42.550", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1d7864acd497cb468a998d44631f84896f885e85"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/30bf5728bb217a6d1ba73f44094c9b9c6bc9a567"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/93f616ff870a1fb7e84d472cad0af651b18f9f87"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: s390/mm: Do not map lowcore with identity mapping", "id": "2393520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393520"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-38733", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-09-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38733\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38733\nhttps://lore.kernel.org/linux-cve-announce/2025090543-CVE-2025-38733-65a1@gregkh/T"], "threat_severity": "Low"}