CVE-2025-39909

Severity: Medium (CVSS 3.1 base score 5.5) · EPSS 3.5%
Published Oct 1, 2025 (9mo ago)
Last Modified Jun 17, 2026 (2w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()

Patch series "mm/damon: avoid divide-by-zero in DAMON module's parameters application".

DAMON's RECLAIM and LRU_SORT modules perform no validation on user-configured parameters during application, which may lead to division-by-zero errors. Avoid the divide-by-zero by adding validation checks when DAMON modules attempt to apply the parameters.

This patch (of 2):

During the calculation of 'hot_thres' and 'cold_thres', either 'sample_interval' or 'aggr_interval' is used as the divisor, which may lead to division-by-zero errors. Fix it by directly returning -EINVAL when such a case occurs. Additionally, since 'aggr_interval' is already required to be set no smaller than 'sample_interval' in damon_set_attrs(), only the case where 'sample_interval' is zero needs to be checked.
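The argument in the description, that rejecting a zero 'sample_interval' also rules out a zero 'aggr_interval', can be checked with a small user-space model; this is an added example, not the kernel's code or the patch itself. The struct, the function names, the threshold formulas and the swept values are assumptions made for illustration; only the two validation rules come from the description.

```c
#include <errno.h>
#include <stdio.h>
/* Hypothetical user-space stand-in for the module's monitoring attributes. */
struct mon_attrs {
	unsigned long sample_interval;	/* microseconds */
	unsigned long aggr_interval;	/* microseconds */
};

/* Models the rule the description attributes to damon_set_attrs(). */
static int check_attrs(const struct mon_attrs *a)
{
	return a->aggr_interval < a->sample_interval ? -EINVAL : 0;
}

/* Threshold formulas are simplified assumptions; only the divisors matter. */
static int apply_parameters(const struct mon_attrs *a, unsigned long hot_freq,
	unsigned long cold_min_age, unsigned long *hot_thres, unsigned long *cold_thres)
{
	int err = check_attrs(a);
	if (err)
		return err;
	if (!a->sample_interval)	/* the check the fix adds */
		return -EINVAL;
	/* Here aggr_interval >= sample_interval > 0, so both divisors are safe. */
	*hot_thres = a->aggr_interval / a->sample_interval * hot_freq / 1000;
	*cold_thres = cold_min_age / a->aggr_interval;
	return 0;
}

/* Sweep constructed interval pairs; count accepted pairs with a zero divisor. */
static int count_unsafe_accepted(void)
{
	static const unsigned long v[] = { 0, 1, 5000, 100000 };
	unsigned long hot, cold;
	int unsafe = 0;
	for (int s = 0; s < 4; s++)
		for (int g = 0; g < 4; g++) {
			struct mon_attrs a = { v[s], v[g] };
			if (!apply_parameters(&a, 500, 120000000UL, &hot, &cold) &&
			    (!a.sample_interval || !a.aggr_interval))
				unsafe++;
		}
	return unsafe;
}
int main(void)
{
	printf("unsafe pairs accepted: %d\n", count_unsafe_accepted());
	return 0;
}
```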

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
3.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-369

Affected Products 10

Vendor    Product         Version    Range
linux     linux_kernel    *          ≥6.0 – <6.1.153
linux     linux_kernel    *          ≥6.2 – <6.6.107
linux     linux_kernel    *          ≥6.7 – <6.12.48
linux     linux_kernel    *          ≥6.13 – <6.16.8
linux     linux_kernel    6.17       any
linux     linux_kernel    6.17       any
linux     linux_kernel    6.17       any
linux     linux_kernel    6.17       any
linux     linux_kernel    6.17       any
debian    debian_linux    11.0       any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/326a4b3750c71af3f3c52399ec4dbe33b6da4c26
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/711f19dfd783ffb37ca4324388b9c4cb87e71363
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/74e391f7da7d9d5235a3cca88ee9fc18f720c75b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7bb675c9f0257840d33e5d1337d7e3afdd74a6bf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/af0ae62b935317bed1a1361c8c9579db9d300e70
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/326a4b3750c71af3f3c52399ec4dbe33b6da4c26
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/711f19dfd783ffb37ca4324388b9c4cb87e71363
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/74e391f7da7d9d5235a3cca88ee9fc18f720c75b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7bb675c9f0257840d33e5d1337d7e3afdd74a6bf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/af0ae62b935317bed1a1361c8c9579db9d300e70
    Patch