PT-2025-41369 · Linux+1 · Linux Kernel+1

Published: 2025-01-01 · Updated: 2026-04-20 · CVE-2025-39958

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the Linux kernel’s IOMMU subsystem for s390 architectures. Specifically, when a PCI device is unexpectedly removed (surprise hotplug), attempts to attach the device to the default domain can fail because the hypervisor no longer recognizes the device handle. This failure triggers a warning within the IOMMU group setting function. The fix allows the process to continue as if the registration was successful, relying on hotplug event handling for cleanup, similar to how devices in an error state are managed. This prevents errors during device removal and ensures proper handling of the situation when the device is fenced by the hypervisor, preventing DMA operations.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2025-39958
ECHO-34B9-8F36-6EEE

Affected Products

Debian
Linux Kernel