{"id":"CVE-2025-68751","summary":"s390/fpu: Fix false-positive kmsan report in fpu_vstl()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/fpu: Fix false-positive kmsan report in fpu_vstl()\n\nA false-positive kmsan report is detected when running ping command.\n\nAn inline assembly instruction 'vstl' can write varied amount of bytes\ndepending on value of 'index' argument. If 'index' \u003e 0, 'vstl' writes\nat least 2 bytes.\n\nclang generates kmsan write helper call depending on inline assembly\nconstraints. Constraints are evaluated compile-time, but value of\n'index' argument is known only at runtime.\n\nclang currently generates call to __msan_instrument_asm_store with 1 byte\nas size. Manually call kmsan function to indicate correct amount of bytes\nwritten and fix false-positive report.\n\nThis change fixes following kmsan reports:\n\n[   36.563119] =====================================================\n[   36.563594] BUG: KMSAN: uninit-value in virtqueue_add+0x35c6/0x7c70\n[   36.563852]  virtqueue_add+0x35c6/0x7c70\n[   36.564016]  virtqueue_add_outbuf+0xa0/0xb0\n[   36.564266]  start_xmit+0x288c/0x4a20\n[   36.564460]  dev_hard_start_xmit+0x302/0x900\n[   36.564649]  sch_direct_xmit+0x340/0xea0\n[   36.564894]  __dev_queue_xmit+0x2e94/0x59b0\n[   36.565058]  neigh_resolve_output+0x936/0xb40\n[   36.565278]  __neigh_update+0x2f66/0x3a60\n[   36.565499]  neigh_update+0x52/0x60\n[   36.565683]  arp_process+0x1588/0x2de0\n[   36.565916]  NF_HOOK+0x1da/0x240\n[   36.566087]  arp_rcv+0x3e4/0x6e0\n[   36.566306]  __netif_receive_skb_list_core+0x1374/0x15a0\n[   36.566527]  netif_receive_skb_list_internal+0x1116/0x17d0\n[   36.566710]  napi_complete_done+0x376/0x740\n[   36.566918]  virtnet_poll+0x1bae/0x2910\n[   36.567130]  __napi_poll+0xf4/0x830\n[   36.567294]  net_rx_action+0x97c/0x1ed0\n[   36.567556]  handle_softirqs+0x306/0xe10\n[   36.567731]  irq_exit_rcu+0x14c/0x2e0\n[   36.567910]  do_io_irq+0xd4/0x120\n[   36.568139]  io_int_handler+0xc2/0xe8\n[   36.568299]  arch_cpu_idle+0xb0/0xc0\n[   36.568540]  arch_cpu_idle+0x76/0xc0\n[   36.568726]  default_idle_call+0x40/0x70\n[   36.568953]  do_idle+0x1d6/0x390\n[   36.569486]  cpu_startup_entry+0x9a/0xb0\n[   36.569745]  rest_init+0x1ea/0x290\n[   36.570029]  start_kernel+0x95e/0xb90\n[   36.570348]  startup_continue+0x2e/0x40\n[   36.570703]\n[   36.570798] Uninit was created at:\n[   36.571002]  kmem_cache_alloc_node_noprof+0x9e8/0x10e0\n[   36.571261]  kmalloc_reserve+0x12a/0x470\n[   36.571553]  __alloc_skb+0x310/0x860\n[   36.571844]  __ip_append_data+0x483e/0x6a30\n[   36.572170]  ip_append_data+0x11c/0x1e0\n[   36.572477]  raw_sendmsg+0x1c8c/0x2180\n[   36.572818]  inet_sendmsg+0xe6/0x190\n[   36.573142]  __sys_sendto+0x55e/0x8e0\n[   36.573392]  __s390x_sys_socketcall+0x19ae/0x2ba0\n[   36.573571]  __do_syscall+0x12e/0x240\n[   36.573823]  system_call+0x6e/0x90\n[   36.573976]\n[   36.574017] Byte 35 of 98 is uninitialized\n[   36.574082] Memory access of size 98 starts at 0000000007aa0012\n[   36.574218]\n[   36.574325] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G    B            N  6.17.0-dirty #16 NONE\n[   36.574541] Tainted: [B]=BAD_PAGE, [N]=TEST\n[   36.574617] Hardware name: IBM 3931 A01 703 (KVM/Linux)\n[   36.574755] =====================================================\n\n[   63.532541] =====================================================\n[   63.533639] BUG: KMSAN: uninit-value in virtqueue_add+0x35c6/0x7c70\n[   63.533989]  virtqueue_add+0x35c6/0x7c70\n[   63.534940]  virtqueue_add_outbuf+0xa0/0xb0\n[   63.535861]  start_xmit+0x288c/0x4a20\n[   63.536708]  dev_hard_start_xmit+0x302/0x900\n[   63.537020]  sch_direct_xmit+0x340/0xea0\n[   63.537997]  __dev_queue_xmit+0x2e94/0x59b0\n[   63.538819]  neigh_resolve_output+0x936/0xb40\n[   63.539793]  ip_finish_output2+0x1ee2/0x2200\n[   63.540784]  __ip_finish_output+0x272/0x7a0\n[   63.541765]  ip_finish_output+0x4e/0x5e0\n[   63.542791]  ip_output+0x166/0x410\n[   63.543771]  ip_push_pending_frames+0x1a2/0x470\n[   63.544753]  raw_sendmsg+0x1f06/0x2180\n[   63.545033]  inet_sendmsg+0xe6/0x190\n[   63.546006]  __sys_sendto+0x55e/0x8e0\n---truncated---","modified":"2026-04-02T13:03:46.422692Z","published":"2026-01-05T09:32:25.534Z","related":["openSUSE-SU-2026:10039-1","openSUSE-SU-2026:10301-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68751.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/13dcd6308cb8f67134ee5d5d762b2a66363c695b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/14e4e4175b64dd9216b522f6ece8af6997d063b2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/946357a538bb47740635c25520924351d2d91544"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68751.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68751"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"dcd3e1de9d17dc43dfed87a9fc814b9dec508043"},{"fixed":"946357a538bb47740635c25520924351d2d91544"},{"fixed":"13dcd6308cb8f67134ee5d5d762b2a66363c695b"},{"fixed":"14e4e4175b64dd9216b522f6ece8af6997d063b2"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68751.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.9.0"},{"fixed":"6.17.13"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.18.0"},{"fixed":"6.18.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68751.json"}}],"schema_version":"1.7.5"}