{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38257","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.997Z","datePublished":"2025-07-09T10:42:34.395Z","dateUpdated":"2026-05-11T21:24:18.078Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:24:18.078Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Prevent overflow in size calculation for memdup_user()\n\nNumber of apqn target list entries contained in 'nr_apqns' variable is\ndetermined by userspace via an ioctl call so the result of the product in\ncalculation of size passed to memdup_user() may overflow.\n\nIn this case the actual size of the allocated area and the value\ndescribing it won't be in sync leading to various types of unpredictable\nbehaviour later.\n\nUse a proper memdup_array_user() helper which returns an error if an\noverflow is detected. Note that it is different from when nr_apqns is\ninitially zero - that case is considered valid and should be handled in\nsubsequent pkey_handler implementations.\n\nFound by Linux Verification Center (linuxtesting.org)."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/s390/crypto/pkey_api.c"],"versions":[{"version":"f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d","lessThan":"ad1bdd24a02d5a8d119af8e4cd50933780a6d29f","status":"affected","versionType":"git"},{"version":"f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d","lessThan":"faa1ab4a23c42e34dc000ef4977b751d94d5148c","status":"affected","versionType":"git"},{"version":"f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d","lessThan":"88f3869649edbc4a13f6c2877091f81cd5a50f05","status":"affected","versionType":"git"},{"version":"f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d","lessThan":"f855b119e62b004a5044ed565f2a2b368c4d3f16","status":"affected","versionType":"git"},{"version":"f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d","lessThan":"73483ca7e07a5e39bdf612eec9d3d293e8bef649","status":"affected","versionType":"git"},{"version":"f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d","lessThan":"7360ee47599af91a1d5f4e74d635d9408a54e489","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/s390/crypto/pkey_api.c"],"versions":[{"version":"5.4","status":"affected"},{"version":"0","lessThan":"5.4","status":"unaffected","versionType":"semver"},{"version":"5.15.187","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.143","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.96","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.36","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.5","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.15.187"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.1.143"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.6.96"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.12.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.15.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ad1bdd24a02d5a8d119af8e4cd50933780a6d29f"},{"url":"https://git.kernel.org/stable/c/faa1ab4a23c42e34dc000ef4977b751d94d5148c"},{"url":"https://git.kernel.org/stable/c/88f3869649edbc4a13f6c2877091f81cd5a50f05"},{"url":"https://git.kernel.org/stable/c/f855b119e62b004a5044ed565f2a2b368c4d3f16"},{"url":"https://git.kernel.org/stable/c/73483ca7e07a5e39bdf612eec9d3d293e8bef649"},{"url":"https://git.kernel.org/stable/c/7360ee47599af91a1d5f4e74d635d9408a54e489"}],"title":"s390/pkey: Prevent overflow in size calculation for memdup_user()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:35:59.898Z"}}]}}