CVE-2025-38072
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
libnvdimm/labels: Fix divide error in nd_label_data_init()
If a faulty CXL memory device returns a broken zero LSA size in its memory device information (Identify Memory Device (Opcode 4000h), CXL spec. 3.1, 8.2.9.9.1.1), a divide error occurs in the libnvdimm driver:
Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm]
Code and flow:
- CXL Command 4000h returns LSA size = 0
- config_size is assigned to zero LSA size (CXL pmem driver):
drivers/cxl/pmem.c: .config_size = mds->lsa_size,
- max_xfer is set to zero (nvdimm driver):
drivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd->nsarea.max_xfer, config_size);
- A subsequent DIV_ROUND_UP() causes a division by zero:
drivers/nvdimm/label.c: /* Make our initial read size a multiple of max_xfer size */ drivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer, drivers/nvdimm/label.c- config_size);
Fix this by checking the config size parameter by extending an existing check.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7d47aad4570e5e6e9a8162bb417ca9b74132f27c < 2bd4a938d2eda96ab7288b8fa5aae84a1de8c4ca | affected |
| Linux | Linux | 7d47aad4570e5e6e9a8162bb417ca9b74132f27c < 396c46d3f59a18ebcc500640e749f16e197d472b | affected |
| Linux | Linux | 7d47aad4570e5e6e9a8162bb417ca9b74132f27c < f49c337037df029440a8390380dd35d2cf5924d3 | affected |
| Linux | Linux | 7d47aad4570e5e6e9a8162bb417ca9b74132f27c < db1aef51b8e66a77f76b1250b914589c31a0a0ed | affected |
| Linux | Linux | 7d47aad4570e5e6e9a8162bb417ca9b74132f27c < ea3d95e05e97ea20fd6513f647393add16fce3b2 | affected |
| Linux | Linux | 7d47aad4570e5e6e9a8162bb417ca9b74132f27c < 1d1e1efad1cf049e888bf175a5c6be85d792620c | affected |
| Linux | Linux | 7d47aad4570e5e6e9a8162bb417ca9b74132f27c < e14347f647ca6d76fe1509b6703e340f2d5e2716 | affected |
| Linux | Linux | 7d47aad4570e5e6e9a8162bb417ca9b74132f27c < ef1d3455bbc1922f94a91ed58d3d7db440652959 | affected |
| Linux | Linux | 4.20 | affected |
| Linux | Linux | 0 < 4.20 | unaffected |
| Linux | Linux | 5.4.294 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.238 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.185 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.141 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.93 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.31 <= 6.12.* | unaffected |
| Linux | Linux | 6.14.9 <= 6.14.* | unaffected |
| Linux | Linux | 6.15 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
References
- https://git.kernel.org/stable/c/2bd4a938d2eda96ab7288b8fa5aae84a1de8c4ca
- https://git.kernel.org/stable/c/396c46d3f59a18ebcc500640e749f16e197d472b
- https://git.kernel.org/stable/c/f49c337037df029440a8390380dd35d2cf5924d3
- https://git.kernel.org/stable/c/db1aef51b8e66a77f76b1250b914589c31a0a0ed
- https://git.kernel.org/stable/c/ea3d95e05e97ea20fd6513f647393add16fce3b2
- https://git.kernel.org/stable/c/1d1e1efad1cf049e888bf175a5c6be85d792620c
- https://git.kernel.org/stable/c/e14347f647ca6d76fe1509b6703e340f2d5e2716
- https://git.kernel.org/stable/c/ef1d3455bbc1922f94a91ed58d3d7db440652959
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.