{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68751","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T10:30:51.032Z","datePublished":"2026-01-05T09:32:25.534Z","dateUpdated":"2026-05-11T21:52:38.615Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:52:38.615Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/fpu: Fix false-positive kmsan report in fpu_vstl()\n\nA false-positive kmsan report is detected when running ping command.\n\nAn inline assembly instruction 'vstl' can write varied amount of bytes\ndepending on value of 'index' argument. If 'index' > 0, 'vstl' writes\nat least 2 bytes.\n\nclang generates kmsan write helper call depending on inline assembly\nconstraints. Constraints are evaluated compile-time, but value of\n'index' argument is known only at runtime.\n\nclang currently generates call to __msan_instrument_asm_store with 1 byte\nas size. Manually call kmsan function to indicate correct amount of bytes\nwritten and fix false-positive report.\n\nThis change fixes following kmsan reports:\n\n[   36.563119] =====================================================\n[   36.563594] BUG: KMSAN: uninit-value in virtqueue_add+0x35c6/0x7c70\n[   36.563852]  virtqueue_add+0x35c6/0x7c70\n[   36.564016]  virtqueue_add_outbuf+0xa0/0xb0\n[   36.564266]  start_xmit+0x288c/0x4a20\n[   36.564460]  dev_hard_start_xmit+0x302/0x900\n[   36.564649]  sch_direct_xmit+0x340/0xea0\n[   36.564894]  __dev_queue_xmit+0x2e94/0x59b0\n[   36.565058]  neigh_resolve_output+0x936/0xb40\n[   36.565278]  __neigh_update+0x2f66/0x3a60\n[   36.565499]  neigh_update+0x52/0x60\n[   36.565683]  arp_process+0x1588/0x2de0\n[   36.565916]  NF_HOOK+0x1da/0x240\n[   36.566087]  arp_rcv+0x3e4/0x6e0\n[   36.566306]  __netif_receive_skb_list_core+0x1374/0x15a0\n[   36.566527]  netif_receive_skb_list_internal+0x1116/0x17d0\n[   36.566710]  napi_complete_done+0x376/0x740\n[   36.566918]  virtnet_poll+0x1bae/0x2910\n[   36.567130]  __napi_poll+0xf4/0x830\n[   36.567294]  net_rx_action+0x97c/0x1ed0\n[   36.567556]  handle_softirqs+0x306/0xe10\n[   36.567731]  irq_exit_rcu+0x14c/0x2e0\n[   36.567910]  do_io_irq+0xd4/0x120\n[   36.568139]  io_int_handler+0xc2/0xe8\n[   36.568299]  arch_cpu_idle+0xb0/0xc0\n[   36.568540]  arch_cpu_idle+0x76/0xc0\n[   36.568726]  default_idle_call+0x40/0x70\n[   36.568953]  do_idle+0x1d6/0x390\n[   36.569486]  cpu_startup_entry+0x9a/0xb0\n[   36.569745]  rest_init+0x1ea/0x290\n[   36.570029]  start_kernel+0x95e/0xb90\n[   36.570348]  startup_continue+0x2e/0x40\n[   36.570703]\n[   36.570798] Uninit was created at:\n[   36.571002]  kmem_cache_alloc_node_noprof+0x9e8/0x10e0\n[   36.571261]  kmalloc_reserve+0x12a/0x470\n[   36.571553]  __alloc_skb+0x310/0x860\n[   36.571844]  __ip_append_data+0x483e/0x6a30\n[   36.572170]  ip_append_data+0x11c/0x1e0\n[   36.572477]  raw_sendmsg+0x1c8c/0x2180\n[   36.572818]  inet_sendmsg+0xe6/0x190\n[   36.573142]  __sys_sendto+0x55e/0x8e0\n[   36.573392]  __s390x_sys_socketcall+0x19ae/0x2ba0\n[   36.573571]  __do_syscall+0x12e/0x240\n[   36.573823]  system_call+0x6e/0x90\n[   36.573976]\n[   36.574017] Byte 35 of 98 is uninitialized\n[   36.574082] Memory access of size 98 starts at 0000000007aa0012\n[   36.574218]\n[   36.574325] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G    B            N  6.17.0-dirty #16 NONE\n[   36.574541] Tainted: [B]=BAD_PAGE, [N]=TEST\n[   36.574617] Hardware name: IBM 3931 A01 703 (KVM/Linux)\n[   36.574755] =====================================================\n\n[   63.532541] =====================================================\n[   63.533639] BUG: KMSAN: uninit-value in virtqueue_add+0x35c6/0x7c70\n[   63.533989]  virtqueue_add+0x35c6/0x7c70\n[   63.534940]  virtqueue_add_outbuf+0xa0/0xb0\n[   63.535861]  start_xmit+0x288c/0x4a20\n[   63.536708]  dev_hard_start_xmit+0x302/0x900\n[   63.537020]  sch_direct_xmit+0x340/0xea0\n[   63.537997]  __dev_queue_xmit+0x2e94/0x59b0\n[   63.538819]  neigh_resolve_output+0x936/0xb40\n[   63.539793]  ip_finish_output2+0x1ee2/0x2200\n[   63.540784]  __ip_finish_output+0x272/0x7a0\n[   63.541765]  ip_finish_output+0x4e/0x5e0\n[   63.542791]  ip_output+0x166/0x410\n[   63.543771]  ip_push_pending_frames+0x1a2/0x470\n[   63.544753]  raw_sendmsg+0x1f06/0x2180\n[   63.545033]  inet_sendmsg+0xe6/0x190\n[   63.546006]  __sys_sendto+0x55e/0x8e0\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/s390/include/asm/fpu-insn.h"],"versions":[{"version":"dcd3e1de9d17dc43dfed87a9fc814b9dec508043","lessThan":"946357a538bb47740635c25520924351d2d91544","status":"affected","versionType":"git"},{"version":"dcd3e1de9d17dc43dfed87a9fc814b9dec508043","lessThan":"13dcd6308cb8f67134ee5d5d762b2a66363c695b","status":"affected","versionType":"git"},{"version":"dcd3e1de9d17dc43dfed87a9fc814b9dec508043","lessThan":"14e4e4175b64dd9216b522f6ece8af6997d063b2","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/s390/include/asm/fpu-insn.h"],"versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","status":"unaffected","versionType":"semver"},{"version":"6.17.13","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18.2","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.17.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.18.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/946357a538bb47740635c25520924351d2d91544"},{"url":"https://git.kernel.org/stable/c/13dcd6308cb8f67134ee5d5d762b2a66363c695b"},{"url":"https://git.kernel.org/stable/c/14e4e4175b64dd9216b522f6ece8af6997d063b2"}],"title":"s390/fpu: Fix false-positive kmsan report in fpu_vstl()","x_generator":{"engine":"bippy-1.2.0"}}}}