Division by zero in Linux kernel powerplay hwmgr driver



Updated: 2025-05-10
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2025-37770
CWE-ID: CWE-369
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Division by zero

EUVDB-ID: #VU108347

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37770

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the vega10_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c, which a local user can trigger to cause a denial of service (DoS).

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 5.10 - 5.10.236

External links

https://git.kernel.org/stable/c/05de66de280ea1bd0459c994bfd2dd332cfbc2a9
https://git.kernel.org/stable/c/0c02fcbe4a1393a3c02da6ae35e72493cfdb2155
https://git.kernel.org/stable/c/4b8c3c0d17c07f301011e2908fecd2ebdcfe3d1c
https://git.kernel.org/stable/c/587de3ca7875c06fe3c3aa4073a85c4eff46591f
https://git.kernel.org/stable/c/836a189fb422e7efb81c51d5160e47ec7bc11500
https://git.kernel.org/stable/c/bd4d90adbca1862d03e581e10e74ab73ec75e61b
https://git.kernel.org/stable/c/e109528bbf460e50074c156253d9080d223ee37f
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.237


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


