Division by zero in Linux kernel media dvb-frontends driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-37937 |
| CWE-ID | CWE-369 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Division by zero
EUVDB-ID: #VU109556
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37937
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the dib8000_set_dds() function in drivers/media/dvb-frontends/dib8000.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.4 - 6.14.1
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/536f7f3595ef8187cfa9ea50d7d24fcf4e84e166
https://git.kernel.org/stable/c/6cfe46036b163e5a0f07c6b705b518148e1a8b2f
https://git.kernel.org/stable/c/75b42dfe87657ede3da3f279bd6b1b16d69af954
https://git.kernel.org/stable/c/976a85782246a29ba0f6d411a7a4f524cb9ea987
https://git.kernel.org/stable/c/9b76b198cf209797abcb1314c18ddeb90fe0827b
https://git.kernel.org/stable/c/b9249da6b0ed56269d4f21850df8e5b35dab50bd
https://git.kernel.org/stable/c/c8430e72b99936c206b37a8e2daebb3f8df7f2d8
https://git.kernel.org/stable/c/cd80277f652138d2619f149f86ae6d17bce721d1
https://git.kernel.org/stable/c/e63d465f59011dede0a0f1d21718b59a64c3ff5c
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.236
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.180
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.292
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.134
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.23
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.2
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.87
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
