Vulnerability-Lookup

SUSE-SU-2026:0090-1

Vulnerability from csaf_suse - Published: 2026-01-12 10:34 - Updated: 2026-01-12 10:34

Summary

Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)

Description of the patch

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.97 fixes various security issues The following security issues were fixed: - CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251984). - CVE-2025-38257: s390/pkey: prevent overflow in size calculation for memdup_user() (bsc#1246189).

Patchnames

SUSE-2026-106,SUSE-2026-90,SUSE-2026-93,SUSE-2026-94,SUSE-2026-95,SUSE-SLE-Module-Live-Patching-15-SP5-2026-93

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.97 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251984).\n- CVE-2025-38257: s390/pkey: prevent overflow in size calculation for memdup_user() (bsc#1246189).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-106,SUSE-2026-90,SUSE-2026-93,SUSE-2026-94,SUSE-2026-95,SUSE-SLE-Module-Live-Patching-15-SP5-2026-93",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0090-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:0090-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260090-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:0090-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023732.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1246189",
        "url": "https://bugzilla.suse.com/1246189"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1251984",
        "url": "https://bugzilla.suse.com/1251984"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-53574 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-53574/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38257 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38257/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)",
    "tracking": {
      "current_release_date": "2026-01-12T10:34:10Z",
      "generator": {
        "date": "2026-01-12T10:34:10Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:0090-1",
      "initial_release_date": "2026-01-12T10:34:10Z",
      "revision_history": [
        {
          "date": "2026-01-12T10:34:10Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_103-default-11-150500.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_103-default-11-150500.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_103-default-11-150500.2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_88-default-16-150500.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_88-default-16-150500.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_88-default-16-150500.2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_100-default-11-150500.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_100-default-11-150500.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_100-default-11-150500.2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_110-default-10-150500.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_110-default-10-150500.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_110-default-10-150500.2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_103-default-11-150500.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_103-default-11-150500.2.1.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_103-default-11-150500.2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_88-default-16-150500.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_88-default-16-150500.2.1.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_88-default-16-150500.2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_100-default-11-150500.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_100-default-11-150500.2.1.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_100-default-11-150500.2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_110-default-10-150500.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_110-default-10-150500.2.1.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_110-default-10-150500.2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_103-default-11-150500.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_103-default-11-150500.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_103-default-11-150500.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_88-default-16-150500.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_88-default-16-150500.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_88-default-16-150500.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_100-default-11-150500.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_100-default-11-150500.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_100-default-11-150500.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_110-default-10-150500.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_110-default-10-150500.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_110-default-10-150500.2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP5",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.s390x"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.x86_64"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-53574",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-53574"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: delete timer and free skb queue when unloading\n\nFix possible crash and memory leak on driver unload by deleting\nTX purge timer and freeing C2H queue in \u0027rtw_core_deinit()\u0027,\nshrink critical section in the latter by freeing COEX queue\nout of TX report lock scope.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-53574",
          "url": "https://www.suse.com/security/cve/CVE-2023-53574"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251222 for CVE-2023-53574",
          "url": "https://bugzilla.suse.com/1251222"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251984 for CVE-2023-53574",
          "url": "https://bugzilla.suse.com/1251984"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-12T10:34:10Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-53574"
    },
    {
      "cve": "CVE-2025-38257",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38257"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Prevent overflow in size calculation for memdup_user()\n\nNumber of apqn target list entries contained in \u0027nr_apqns\u0027 variable is\ndetermined by userspace via an ioctl call so the result of the product in\ncalculation of size passed to memdup_user() may overflow.\n\nIn this case the actual size of the allocated area and the value\ndescribing it won\u0027t be in sync leading to various types of unpredictable\nbehaviour later.\n\nUse a proper memdup_array_user() helper which returns an error if an\noverflow is detected. Note that it is different from when nr_apqns is\ninitially zero - that case is considered valid and should be handled in\nsubsequent pkey_handler implementations.\n\nFound by Linux Verification Center (linuxtesting.org).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38257",
          "url": "https://www.suse.com/security/cve/CVE-2025-38257"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246186 for CVE-2025-38257",
          "url": "https://bugzilla.suse.com/1246186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246189 for CVE-2025-38257",
          "url": "https://bugzilla.suse.com/1246189"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-12T10:34:10Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-38257"
    }
  ]
}

CVE-2023-53574 (GCVE-0-2023-53574)

Vulnerability from cvelistv5 – Published: 2025-10-04 15:17 – Updated: 2025-10-06 09:07

Title

wifi: rtw88: delete timer and free skb queue when unloading

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: delete timer and free skb queue when unloading Fix possible crash and memory leak on driver unload by deleting TX purge timer and freeing C2H queue in 'rtw_core_deinit()', shrink critical section in the latter by freeing COEX queue out of TX report lock scope.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

CVE-2025-38257 (GCVE-0-2025-38257)

Vulnerability from cvelistv5 – Published: 2025-07-09 10:42 – Updated: 2025-11-03 17:35

Title

s390/pkey: Prevent overflow in size calculation for memdup_user()

Summary

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Prevent overflow in size calculation for memdup_user() Number of apqn target list entries contained in 'nr_apqns' variable is determined by userspace via an ioctl call so the result of the product in calculation of size passed to memdup_user() may overflow. In this case the actual size of the allocated area and the value describing it won't be in sync leading to various types of unpredictable behaviour later. Use a proper memdup_array_user() helper which returns an error if an overflow is detected. Note that it is different from when nr_apqns is initially zero - that case is considered valid and should be handled in subsequent pkey_handler implementations. Found by Linux Verification Center (linuxtesting.org).

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ad1bdd24a02d5a8d1…
	https://git.kernel.org/stable/c/faa1ab4a23c42e34d…
	https://git.kernel.org/stable/c/88f3869649edbc4a1…
	https://git.kernel.org/stable/c/f855b119e62b004a5…
	https://git.kernel.org/stable/c/73483ca7e07a5e39b…
	https://git.kernel.org/stable/c/7360ee47599af91a1…

Impacted products

Vendor

Product

Version

Linux

Affected: f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d , < ad1bdd24a02d5a8d119af8e4cd50933780a6d29f (git)
Affected: f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d , < faa1ab4a23c42e34dc000ef4977b751d94d5148c (git)
Affected: f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d , < 88f3869649edbc4a13f6c2877091f81cd5a50f05 (git)
Affected: f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d , < f855b119e62b004a5044ed565f2a2b368c4d3f16 (git)
Affected: f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d , < 73483ca7e07a5e39bdf612eec9d3d293e8bef649 (git)
Affected: f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d , < 7360ee47599af91a1d5f4e74d635d9408a54e489 (git)

Linux

Affected: 5.4
Unaffected: 0 , < 5.4 (semver)
Unaffected: 5.15.187 , ≤ 5.15.* (semver)
Unaffected: 6.1.143 , ≤ 6.1.* (semver)
Unaffected: 6.6.96 , ≤ 6.6.* (semver)
Unaffected: 6.12.36 , ≤ 6.12.* (semver)
Unaffected: 6.15.5 , ≤ 6.15.* (semver)
Unaffected: 6.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:35:59.898Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/pkey_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ad1bdd24a02d5a8d119af8e4cd50933780a6d29f",
              "status": "affected",
              "version": "f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d",
              "versionType": "git"
            },
            {
              "lessThan": "faa1ab4a23c42e34dc000ef4977b751d94d5148c",
              "status": "affected",
              "version": "f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d",
              "versionType": "git"
            },
            {
              "lessThan": "88f3869649edbc4a13f6c2877091f81cd5a50f05",
              "status": "affected",
              "version": "f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d",
              "versionType": "git"
            },
            {
              "lessThan": "f855b119e62b004a5044ed565f2a2b368c4d3f16",
              "status": "affected",
              "version": "f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d",
              "versionType": "git"
            },
            {
              "lessThan": "73483ca7e07a5e39bdf612eec9d3d293e8bef649",
              "status": "affected",
              "version": "f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d",
              "versionType": "git"
            },
            {
              "lessThan": "7360ee47599af91a1d5f4e74d635d9408a54e489",
              "status": "affected",
              "version": "f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/pkey_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.187",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.143",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.187",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.143",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.96",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.36",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.5",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Prevent overflow in size calculation for memdup_user()\n\nNumber of apqn target list entries contained in \u0027nr_apqns\u0027 variable is\ndetermined by userspace via an ioctl call so the result of the product in\ncalculation of size passed to memdup_user() may overflow.\n\nIn this case the actual size of the allocated area and the value\ndescribing it won\u0027t be in sync leading to various types of unpredictable\nbehaviour later.\n\nUse a proper memdup_array_user() helper which returns an error if an\noverflow is detected. Note that it is different from when nr_apqns is\ninitially zero - that case is considered valid and should be handled in\nsubsequent pkey_handler implementations.\n\nFound by Linux Verification Center (linuxtesting.org)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:16:22.240Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ad1bdd24a02d5a8d119af8e4cd50933780a6d29f"
        },
        {
          "url": "https://git.kernel.org/stable/c/faa1ab4a23c42e34dc000ef4977b751d94d5148c"
        },
        {
          "url": "https://git.kernel.org/stable/c/88f3869649edbc4a13f6c2877091f81cd5a50f05"
        },
        {
          "url": "https://git.kernel.org/stable/c/f855b119e62b004a5044ed565f2a2b368c4d3f16"
        },
        {
          "url": "https://git.kernel.org/stable/c/73483ca7e07a5e39bdf612eec9d3d293e8bef649"
        },
        {
          "url": "https://git.kernel.org/stable/c/7360ee47599af91a1d5f4e74d635d9408a54e489"
        }
      ],
      "title": "s390/pkey: Prevent overflow in size calculation for memdup_user()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38257",
    "datePublished": "2025-07-09T10:42:34.395Z",
    "dateReserved": "2025-04-16T04:51:23.997Z",
    "dateUpdated": "2025-11-03T17:35:59.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:0090-1

CVE-2023-53574 (GCVE-0-2023-53574)

CVE-2025-38257 (GCVE-0-2025-38257)

Tags

Sightings

Nomenclature