CVE-2023-52639: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

KVM: s390: vsie: fix race during shadow creation

Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation:

    static int acquire_gmap_shadow(struct kvm_vcpu *vcpu,
                                   struct vsie_page *vsie_page)
    {
    [...]
        gmap = gmap_shadow(vcpu->arch.gmap, asce, edat);
        if (IS_ERR(gmap))
            return PTR_ERR(gmap);
        gmap->private = vcpu->kvm;

Let children inherit the private field of the parent.
AI Analysis
Technical Summary
CVE-2023-52639 is a vulnerability identified in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem, specifically affecting the s390 architecture virtualization implementation (vsie). The issue arises due to a race condition during the creation of a shadow guest memory mapping (gmap). In the vulnerable code path, the gmap->private field, which is intended to reference the associated KVM instance, can be observed as zero (NULL) within the kvm_s390_vsie_gmap_notifier function. This occurs because the assignment of gmap->private to the KVM instance happens after the gmap is created, leading to a window where the field is uninitialized. The race condition can cause a kernel crash when the notifier attempts to access this uninitialized pointer. The root cause is that child gmaps do not inherit the private field from their parent, which leads to inconsistent state during concurrent operations. The fix involves ensuring that children inherit the private field from their parent gmap, preventing the race condition and subsequent crash. This vulnerability is specific to the s390 KVM virtualization code path and does not affect other architectures or general Linux kernel operations. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet.
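The ordering problem described above, as an added example that is not kernel code or part of the original advisory: a single-threaded user-space model in which the concurrent notifier is simulated by calling it in the window between shadow creation and the caller's late assignment. The struct layouts and the names notifier_model, create_shadow and run_scenario are assumptions made for illustration.

```c
#include <stddef.h>

/* Simplified user-space model of the ordering bug. The struct layouts and
 * the names create_shadow/run_scenario are illustrative assumptions, not
 * the kernel's definitions. */
struct kvm  { int id; };
struct gmap { struct gmap *parent; void *private; };

/* Stand-in for kvm_s390_vsie_gmap_notifier: it needs the owning VM.
 * Returns the VM id, or -1 where the kernel would dereference NULL. */
static int notifier_model(const struct gmap *sg)
{
    const struct kvm *kvm = sg->private;
    return kvm ? kvm->id : -1;
}

/* Stand-in for gmap_shadow(): once it returns, the shadow is reachable by
 * notifiers. 'inherit' selects the fixed behaviour. */
static void create_shadow(struct gmap *sg, struct gmap *parent, int inherit)
{
    sg->parent  = parent;
    sg->private = inherit ? parent->private : NULL;
}

/* Runs creation, lets a notifier fire in the window before the caller's
 * late assignment, and reports what that notifier observed. */
static int run_scenario(int inherit)
{
    struct kvm  vm     = { 7 };               /* constructed sample VM */
    struct gmap parent = { NULL, &vm };
    struct gmap shadow = { NULL, NULL };

    create_shadow(&shadow, &parent, inherit);
    int seen = notifier_model(&shadow);       /* concurrent notifier */
    shadow.private = &vm;                     /* gmap->private = vcpu->kvm */
    return seen;
}

int main(void)
{
    /* pre-fix ordering yields -1, inherited field yields the VM id */
    return (run_scenario(0) == -1 && run_scenario(1) == 7) ? 0 : 1;
}
```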
Potential Impact
For European organizations utilizing Linux-based virtualization infrastructure on IBM Z (s390) hardware, this vulnerability could lead to denial of service conditions due to kernel crashes in virtualized environments. This can disrupt critical workloads running on KVM virtual machines, potentially impacting availability of services. While the vulnerability does not appear to allow privilege escalation or data leakage, the instability caused by kernel crashes can result in operational downtime, loss of productivity, and increased support costs. Organizations running s390 KVM virtualization in data centers or cloud environments may face service interruptions if the vulnerability is triggered. Since the issue is architecture-specific, the impact is limited to environments using IBM Z mainframes with KVM virtualization, which are more common in enterprise and financial sectors. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the crash.
Mitigation Recommendations
European organizations should promptly apply the official Linux kernel patches that address this race condition in the s390 KVM virtualization code. Since the vulnerability arises from a race during shadow gmap creation, ensuring all kernel updates from trusted sources are installed is critical. Organizations should audit their infrastructure to identify systems running Linux on s390 hardware with KVM enabled and prioritize patching these systems. Additionally, implementing robust monitoring of kernel logs and virtualization stability can help detect early signs of exploitation or accidental triggering. Where possible, scheduling maintenance windows to update and reboot affected hosts will minimize disruption. For environments where immediate patching is not feasible, temporarily disabling KVM virtualization on s390 systems may be considered as a risk mitigation measure, although this will impact virtualization capabilities. Engaging with hardware and Linux distribution vendors for guidance and updates is recommended to ensure comprehensive protection.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-03-06T09:52:12.093Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9830c4522896dcbe7195
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/1/2025, 5:10:40 AM
Last updated: 8/6/2025, 6:59:45 AM