fkie_cve-2025-38072
Vulnerability from fkie_nvd
Published
2025-06-18 10:15
Modified
2025-06-18 13:46
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: Fix divide error in nd_label_data_init() If a faulty CXL memory device returns a broken zero LSA size in its memory device information (Identify Memory Device (Opcode 4000h), CXL spec. 3.1, 8.2.9.9.1.1), a divide error occurs in the libnvdimm driver: Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm] Code and flow: 1) CXL Command 4000h returns LSA size = 0 2) config_size is assigned to zero LSA size (CXL pmem driver): drivers/cxl/pmem.c: .config_size = mds->lsa_size, 3) max_xfer is set to zero (nvdimm driver): drivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd->nsarea.max_xfer, config_size); 4) A subsequent DIV_ROUND_UP() causes a division by zero: drivers/nvdimm/label.c: /* Make our initial read size a multiple of max_xfer size */ drivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer, drivers/nvdimm/label.c- config_size); Fix this by checking the config size parameter by extending an existing check.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1d1e1efad1cf049e888bf175a5c6be85d792620c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2bd4a938d2eda96ab7288b8fa5aae84a1de8c4ca
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/396c46d3f59a18ebcc500640e749f16e197d472b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/db1aef51b8e66a77f76b1250b914589c31a0a0ed
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e14347f647ca6d76fe1509b6703e340f2d5e2716
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ea3d95e05e97ea20fd6513f647393add16fce3b2
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ef1d3455bbc1922f94a91ed58d3d7db440652959
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f49c337037df029440a8390380dd35d2cf5924d3
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibnvdimm/labels: Fix divide error in nd_label_data_init()\n\nIf a faulty CXL memory device returns a broken zero LSA size in its\nmemory device information (Identify Memory Device (Opcode 4000h), CXL\nspec. 3.1, 8.2.9.9.1.1), a divide error occurs in the libnvdimm\ndriver:\n\n Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm]\n\nCode and flow:\n\n1) CXL Command 4000h returns LSA size = 0\n2) config_size is assigned to zero LSA size (CXL pmem driver):\n\ndrivers/cxl/pmem.c:             .config_size = mds-\u003elsa_size,\n\n3) max_xfer is set to zero (nvdimm driver):\n\ndrivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd-\u003ensarea.max_xfer, config_size);\n\n4) A subsequent DIV_ROUND_UP() causes a division by zero:\n\ndrivers/nvdimm/label.c: /* Make our initial read size a multiple of max_xfer size */\ndrivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer,\ndrivers/nvdimm/label.c-                 config_size);\n\nFix this by checking the config size parameter by extending an\nexisting check."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: libnvdimm/labels: Corregir error de divisi\u00f3n en nd_label_data_init() Si un dispositivo de memoria CXL defectuoso devuelve un tama\u00f1o LSA cero roto en su informaci\u00f3n de dispositivo de memoria (Identificar dispositivo de memoria (Opcode 4000h), especificaci\u00f3n CXL 3.1, 8.2.9.9.1.1), se produce un error de divisi\u00f3n en el controlador libnvdimm: Oops: error de divisi\u00f3n: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm] C\u00f3digo y flujo: 1) El comando CXL 4000h devuelve tama\u00f1o LSA = 0 2) config_size se asigna a tama\u00f1o LSA cero (controlador pmem CXL): drivers/cxl/pmem.c: .config_size = mds-\u0026gt;lsa_size, 3) max_xfer se establece en cero (controlador nvdimm): drivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd-\u0026gt;nsarea.max_xfer, config_size); 4) Un DIV_ROUND_UP() posterior provoca una divisi\u00f3n por cero: drivers/nvdimm/label.c: /* Hacer que nuestro tama\u00f1o de lectura inicial sea un m\u00faltiplo del tama\u00f1o max_xfer */ drivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer, drivers/nvdimm/label.c- config_size); Solucione esto comprobando el par\u00e1metro de tama\u00f1o de configuraci\u00f3n extendiendo una comprobaci\u00f3n existente."
    }
  ],
  "id": "CVE-2025-38072",
  "lastModified": "2025-06-18T13:46:52.973",
  "metrics": {},
  "published": "2025-06-18T10:15:40.583",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1d1e1efad1cf049e888bf175a5c6be85d792620c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2bd4a938d2eda96ab7288b8fa5aae84a1de8c4ca"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/396c46d3f59a18ebcc500640e749f16e197d472b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/db1aef51b8e66a77f76b1250b914589c31a0a0ed"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e14347f647ca6d76fe1509b6703e340f2d5e2716"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ea3d95e05e97ea20fd6513f647393add16fce3b2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ef1d3455bbc1922f94a91ed58d3d7db440652959"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f49c337037df029440a8390380dd35d2cf5924d3"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.