CVE-2025-39909
BaseFortify

Publication date: 2025-10-01

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()

Patch series "mm/damon: avoid divide-by-zero in DAMON module's parameters application".

DAMON's RECLAIM and LRU_SORT modules perform no validation on user-configured parameters during application, which may lead to division-by-zero errors. Avoid the divide-by-zero by adding validation checks when DAMON modules attempt to apply the parameters.

This patch (of 2):

During the calculation of 'hot_thres' and 'cold_thres', either 'sample_interval' or 'aggr_interval' is used as the divisor, which may lead to division-by-zero errors. Fix it by directly returning -EINVAL when such a case occurs. Additionally, since 'aggr_interval' is already required to be set no smaller than 'sample_interval' in damon_set_attrs(), only the case where 'sample_interval' is zero needs to be checked.

Meta Information
Published: 2025-10-01
Last Modified: 2025-11-03
Generated: 2026-05-07
AI Q&A: 2025-10-01
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
linux | linux_kernel | 6.1.153

CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's DAMON module, specifically in the RECLAIM and LRU_SORT components. These modules do not validate user-configured parameters properly, which can lead to a division-by-zero error during calculations involving 'sample_interval' or 'aggr_interval'. The issue is fixed by adding validation checks to prevent division by zero, returning an error when 'sample_interval' is zero.


How can this vulnerability impact me?

The vulnerability can cause the Linux kernel to encounter a division-by-zero error, which may lead to kernel crashes or instability. This can affect system reliability and availability, potentially causing denial of service or unexpected behavior in systems relying on the DAMON module.


What immediate steps should I take to mitigate this vulnerability?

Apply the patch that adds validation checks to the DAMON module parameters to avoid division-by-zero errors. Specifically, ensure that the 'sample_interval' parameter is not set to zero, as the patch returns an error (-EINVAL) if this occurs. Updating the Linux kernel to the fixed version containing this patch is the recommended mitigation.
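
The check below is an added example, not code from the kernel patch or from this page: it audits the 'sample_interval' and 'aggr_interval' values of the two DAMON modules named in the description and flags the zero divisor. It assumes the modules expose their parameters under /sys/module/<module>/parameters/, which this page does not state; the function name audit_damon is hypothetical.

```shell
#!/bin/sh
# Added example (not kernel code): audit the DAMON module intervals named in
# the CVE description. Assumption: the modules expose their parameters under
# /sys/module/<module>/parameters/, the standard module-parameter location.

# Usage: audit_damon [module_root]   (module_root defaults to /sys/module)
# Prints one line per module; returns 1 if any module holds a risky value.
audit_damon() {
    root="${1:-/sys/module}"
    status=0
    for mod in damon_lru_sort damon_reclaim; do
        dir="$root/$mod/parameters"
        if [ ! -r "$dir/sample_interval" ] || [ ! -r "$dir/aggr_interval" ]; then
            echo "SKIP $mod: parameters not present"
            continue
        fi
        sample=$(tr -d '[:space:]' < "$dir/sample_interval")
        aggr=$(tr -d '[:space:]' < "$dir/aggr_interval")
        case "$sample$aggr" in
            *[!0-9]*) echo "WARN $mod: non-numeric interval"; status=1; continue ;;
        esac
        if [ -z "$sample" ] || [ -z "$aggr" ]; then
            echo "WARN $mod: empty interval"; status=1; continue
        fi
        if [ "$sample" -eq 0 ]; then
            # The divisor the fix rejects with -EINVAL.
            echo "FAIL $mod: sample_interval=0 (divide-by-zero on unpatched kernels)"
            status=1
        elif [ "$aggr" -lt "$sample" ]; then
            # Per the description, damon_set_attrs() requires aggr >= sample.
            echo "WARN $mod: aggr_interval=$aggr < sample_interval=$sample"
            status=1
        else
            echo "OK   $mod: sample_interval=$sample aggr_interval=$aggr"
        fi
    done
    return "$status"
}
```

Source the file and call `audit_damon` on the host, or pass a directory holding a copy of the parameter files to check a saved configuration.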

