#VU111639 Division by zero in Linux kernel - CVE-2025-38072
Vulnerability identifier: #VU111639
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-369
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the nd_label_data_init() function in drivers/nvdimm/label.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's repository.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/1d1e1efad1cf049e888bf175a5c6be85d792620c
https://git.kernel.org/stable/c/2bd4a938d2eda96ab7288b8fa5aae84a1de8c4ca
https://git.kernel.org/stable/c/396c46d3f59a18ebcc500640e749f16e197d472b
https://git.kernel.org/stable/c/db1aef51b8e66a77f76b1250b914589c31a0a0ed
https://git.kernel.org/stable/c/e14347f647ca6d76fe1509b6703e340f2d5e2716
https://git.kernel.org/stable/c/ea3d95e05e97ea20fd6513f647393add16fce3b2
https://git.kernel.org/stable/c/ef1d3455bbc1922f94a91ed58d3d7db440652959
https://git.kernel.org/stable/c/f49c337037df029440a8390380dd35d2cf5924d3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
