CVE-2025-38072

Summary

In the Linux kernel, the following vulnerability has been resolved:

libnvdimm/labels: Fix divide error in nd_label_data_init()

If a faulty CXL memory device returns a broken zero LSA size in its memory device information (Identify Memory Device (Opcode 4000h), CXL spec. 3.1, 8.2.9.9.1.1), a divide error occurs in the libnvdimm driver:

Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm]

Code and flow:

  1. CXL Command 4000h returns LSA size = 0
  2. config_size is assigned to zero LSA size (CXL pmem driver):

drivers/cxl/pmem.c: .config_size = mds->lsa_size,

  1. max_xfer is set to zero (nvdimm driver):

drivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd->nsarea.max_xfer, config_size);

  1. A subsequent DIV_ROUND_UP() causes a division by zero:

drivers/nvdimm/label.c: /* Make our initial read size a multiple of max_xfer size */ drivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer, drivers/nvdimm/label.c- config_size);

Fix this by checking the config size parameter by extending an existing check.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7d47aad4570e5e6e9a8162bb417ca9b74132f27c < 2bd4a938d2eda96ab7288b8fa5aae84a1de8c4caaffected
LinuxLinux7d47aad4570e5e6e9a8162bb417ca9b74132f27c < 396c46d3f59a18ebcc500640e749f16e197d472baffected
LinuxLinux7d47aad4570e5e6e9a8162bb417ca9b74132f27c < f49c337037df029440a8390380dd35d2cf5924d3affected
LinuxLinux7d47aad4570e5e6e9a8162bb417ca9b74132f27c < db1aef51b8e66a77f76b1250b914589c31a0a0edaffected
LinuxLinux7d47aad4570e5e6e9a8162bb417ca9b74132f27c < ea3d95e05e97ea20fd6513f647393add16fce3b2affected
LinuxLinux7d47aad4570e5e6e9a8162bb417ca9b74132f27c < 1d1e1efad1cf049e888bf175a5c6be85d792620caffected
LinuxLinux7d47aad4570e5e6e9a8162bb417ca9b74132f27c < e14347f647ca6d76fe1509b6703e340f2d5e2716affected
LinuxLinux7d47aad4570e5e6e9a8162bb417ca9b74132f27c < ef1d3455bbc1922f94a91ed58d3d7db440652959affected
LinuxLinux4.20affected
LinuxLinux0 < 4.20unaffected
LinuxLinux5.4.294 <= 5.4.*unaffected
LinuxLinux5.10.238 <= 5.10.*unaffected
LinuxLinux5.15.185 <= 5.15.*unaffected
LinuxLinux6.1.141 <= 6.1.*unaffected
LinuxLinux6.6.93 <= 6.6.*unaffected
LinuxLinux6.12.31 <= 6.12.*unaffected
LinuxLinux6.14.9 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References