CVE-2025-38072

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

n the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: Fix divide error in nd_label_data_init() If a faulty CXL memory device returns a broken zero LSA size in its memory device information (Identify Memory Device (Opcode 4000h), CXL spec. 3.1, 8.2.9.9.1.1), a divide error occurs in the libnvdimm driver: Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm] Code and flow: 1) CXL Command 4000h returns LSA size = 0 2) config_size is assigned to zero LSA size (CXL pmem driver): drivers/cxl/pmem.c: .config_size = mds->lsa_size, 3) max_xfer is set to zero (nvdimm driver): drivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd->nsarea.max_xfer, config_size); 4) A subsequent DIV_ROUND_UP() causes a division by zero: drivers/nvdimm/label.c: /* Make our initial read size a multiple of max_xfer size */ drivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer, drivers/nvdimm/label.c- config_size); Fix this by checking the config size parameter by extending an existing check.

References

Link	Resource
https://git.kernel.org/stable/c/1d1e1efad1cf049e888bf175a5c6be85d792620c	Patch
https://git.kernel.org/stable/c/2bd4a938d2eda96ab7288b8fa5aae84a1de8c4ca	Patch
https://git.kernel.org/stable/c/396c46d3f59a18ebcc500640e749f16e197d472b	Patch
https://git.kernel.org/stable/c/db1aef51b8e66a77f76b1250b914589c31a0a0ed	Patch
https://git.kernel.org/stable/c/e14347f647ca6d76fe1509b6703e340f2d5e2716	Patch
https://git.kernel.org/stable/c/ea3d95e05e97ea20fd6513f647393add16fce3b2	Patch
https://git.kernel.org/stable/c/ef1d3455bbc1922f94a91ed58d3d7db440652959	Patch
https://git.kernel.org/stable/c/f49c337037df029440a8390380dd35d2cf5924d3	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

17 Dec 2025, 18:54

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/1d1e1efad1cf049e888bf175a5c6be85d792620c -~~	() https://git.kernel.org/stable/c/1d1e1efad1cf049e888bf175a5c6be85d792620c - Patch
References	~~() https://git.kernel.org/stable/c/2bd4a938d2eda96ab7288b8fa5aae84a1de8c4ca -~~	() https://git.kernel.org/stable/c/2bd4a938d2eda96ab7288b8fa5aae84a1de8c4ca - Patch
References	~~() https://git.kernel.org/stable/c/396c46d3f59a18ebcc500640e749f16e197d472b -~~	() https://git.kernel.org/stable/c/396c46d3f59a18ebcc500640e749f16e197d472b - Patch
References	~~() https://git.kernel.org/stable/c/db1aef51b8e66a77f76b1250b914589c31a0a0ed -~~	() https://git.kernel.org/stable/c/db1aef51b8e66a77f76b1250b914589c31a0a0ed - Patch
References	~~() https://git.kernel.org/stable/c/e14347f647ca6d76fe1509b6703e340f2d5e2716 -~~	() https://git.kernel.org/stable/c/e14347f647ca6d76fe1509b6703e340f2d5e2716 - Patch
References	~~() https://git.kernel.org/stable/c/ea3d95e05e97ea20fd6513f647393add16fce3b2 -~~	() https://git.kernel.org/stable/c/ea3d95e05e97ea20fd6513f647393add16fce3b2 - Patch
References	~~() https://git.kernel.org/stable/c/ef1d3455bbc1922f94a91ed58d3d7db440652959 -~~	() https://git.kernel.org/stable/c/ef1d3455bbc1922f94a91ed58d3d7db440652959 - Patch
References	~~() https://git.kernel.org/stable/c/f49c337037df029440a8390380dd35d2cf5924d3 -~~	() https://git.kernel.org/stable/c/f49c337037df029440a8390380dd35d2cf5924d3 - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html - Third Party Advisory
First Time		Linux linux Kernel Debian Linux Debian debian Linux
CWE		CWE-908
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:debian:debian_linux:11.0:::::::*

03 Nov 2025, 18:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - () https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: libnvdimm/labels: Corregir error de división en nd_label_data_init() Si un dispositivo de memoria CXL defectuoso devuelve un tamaño LSA cero roto en su información de dispositivo de memoria (Identificar dispositivo de memoria (Opcode 4000h), especificación CXL 3.1, 8.2.9.9.1.1), se produce un error de división en el controlador libnvdimm: Oops: error de división: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm] Código y flujo: 1) El comando CXL 4000h devuelve tamaño LSA = 0 2) config_size se asigna a tamaño LSA cero (controlador pmem CXL): drivers/cxl/pmem.c: .config_size = mds->lsa_size, 3) max_xfer se establece en cero (controlador nvdimm): drivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd->nsarea.max_xfer, config_size); 4) Un DIV_ROUND_UP() posterior provoca una división por cero: drivers/nvdimm/label.c: /* Hacer que nuestro tamaño de lectura inicial sea un múltiplo del tamaño max_xfer / drivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) max_xfer, drivers/nvdimm/label.c- config_size); Solucione esto comprobando el parámetro de tamaño de configuración extendiendo una comprobación existente.

18 Jun 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-18 10:15

Updated : 2025-12-17 18:54

NVD link : CVE-2025-38072

Mitre link : CVE-2025-38072

CVE.ORG link : CVE-2025-38072

JSON object : View

Products Affected

linux

linux_kernel

debian

debian_linux

CWE

CWE-908

Use of Uninitialized Resource

5.5 /10