{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T19:47:40.437","vulnerabilities":[{"cve":{"id":"CVE-2025-38359","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-07-25T13:15:24.687","lastModified":"2025-11-18T20:33:01.203","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Fix in_atomic() handling in do_secure_storage_access()\n\nKernel user spaces accesses to not exported pages in atomic context\nincorrectly try to resolve the page fault.\nWith debug options enabled call traces like this can be seen:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1523\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 419074, name: qemu-system-s39\npreempt_count: 1, expected: 0\nRCU nest depth: 0, expected: 0\nINFO: lockdep is turned off.\nPreemption disabled at:\n[<00000383ea47cfa2>] copy_page_from_iter_atomic+0xa2/0x8a0\nCPU: 12 UID: 0 PID: 419074 Comm: qemu-system-s39\nTainted: G        W           6.16.0-20250531.rc0.git0.69b3a602feac.63.fc42.s390x+debug #1 PREEMPT\nTainted: [W]=WARN\nHardware name: IBM 3931 A01 703 (LPAR)\nCall Trace:\n [<00000383e990d282>] dump_stack_lvl+0xa2/0xe8\n [<00000383e99bf152>] __might_resched+0x292/0x2d0\n [<00000383eaa7c374>] down_read+0x34/0x2d0\n [<00000383e99432f8>] do_secure_storage_access+0x108/0x360\n [<00000383eaa724b0>] __do_pgm_check+0x130/0x220\n [<00000383eaa842e4>] pgm_check_handler+0x114/0x160\n [<00000383ea47d028>] copy_page_from_iter_atomic+0x128/0x8a0\n([<00000383ea47d016>] copy_page_from_iter_atomic+0x116/0x8a0)\n [<00000383e9c45eae>] generic_perform_write+0x16e/0x310\n [<00000383e9eb87f4>] ext4_buffered_write_iter+0x84/0x160\n [<00000383e9da0de4>] vfs_write+0x1c4/0x460\n [<00000383e9da123c>] ksys_write+0x7c/0x100\n [<00000383eaa7284e>] __do_syscall+0x15e/0x280\n [<00000383eaa8417e>] system_call+0x6e/0x90\nINFO: lockdep is turned off.\n\nIt is not allowed to take the mmap_lock while in atomic context. Therefore\nhandle such a secure storage access fault as if the accessed page is not\nmapped: the uaccess function will return -EFAULT, and the caller has to\ndeal with this. Usually this means that the access is retried in process\ncontext, which allows to resolve the page fault (or in this case export the\npage)."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/mm: Se corrige la gestión de in_atomic() en do_secure_storage_access(). Los accesos a espacios de usuario del kernel a páginas no exportadas en contexto atómico intentan resolver incorrectamente el fallo de página. Con las opciones de depuración habilitadas, se pueden observar seguimientos de llamadas como este: BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1523 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 419074, name: qemu-system-s39 preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. Preemption disabled at: [&lt;00000383ea47cfa2&gt;] copy_page_from_iter_atomic+0xa2/0x8a0 CPU: 12 UID: 0 PID: 419074 Comm: qemu-system-s39 Tainted: G W 6.16.0-20250531.rc0.git0.69b3a602feac.63.fc42.s390x+debug #1 PREEMPT Tainted: [W]=WARN Hardware name: IBM 3931 A01 703 (LPAR) Call Trace: [&lt;00000383e990d282&gt;] dump_stack_lvl+0xa2/0xe8 [&lt;00000383e99bf152&gt;] __might_resched+0x292/0x2d0 [&lt;00000383eaa7c374&gt;] down_read+0x34/0x2d0 [&lt;00000383e99432f8&gt;] do_secure_storage_access+0x108/0x360 [&lt;00000383eaa724b0&gt;] __do_pgm_check+0x130/0x220 [&lt;00000383eaa842e4&gt;] pgm_check_handler+0x114/0x160 [&lt;00000383ea47d028&gt;] copy_page_from_iter_atomic+0x128/0x8a0 ([&lt;00000383ea47d016&gt;] copy_page_from_iter_atomic+0x116/0x8a0) [&lt;00000383e9c45eae&gt;] generic_perform_write+0x16e/0x310 [&lt;00000383e9eb87f4&gt;] ext4_buffered_write_iter+0x84/0x160 [&lt;00000383e9da0de4&gt;] vfs_write+0x1c4/0x460 [&lt;00000383e9da123c&gt;] ksys_write+0x7c/0x100 [&lt;00000383eaa7284e&gt;] __do_syscall+0x15e/0x280 [&lt;00000383eaa8417e&gt;] system_call+0x6e/0x90 INFO: lockdep is turned off. No se permite usar mmap_lock en contexto atómico. Por lo tanto, se gestiona un fallo de acceso al almacenamiento seguro como si la página accedida no estuviera mapeada: la función uaccess devolverá -EFAULT, y el usuario que realiza la llamada debe gestionarlo. Normalmente, esto significa que se reintenta el acceso en contexto de proceso, lo que permite resolver el fallo de página (o, en este caso, exportar la página)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.15.5","matchCriteriaId":"4B58D73D-F2CA-40B1-A4E0-CAC4B1C67AB2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/11709abccf93b08adde95ef313c300b0d4bc28f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d2e317dfd2d1fe416c77315d17c5d57dbe374915","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}