Vulnerability Database

318,206

Total vulnerabilities in the database

CVE-2025-39909

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()

Patch series "mm/damon: avoid divide-by-zero in DAMON module's parameters application".

DAMON's RECLAIM and LRU_SORT modules perform no validation on user-configured parameters during application, which may lead to division-by-zero errors.

Avoid the divide-by-zero by adding validation checks when DAMON modules attempt to apply the parameters.

This patch (of 2):

During the calculation of 'hot_thres' and 'cold_thres', either 'sample_interval' or 'aggr_interval' is used as the divisor, which may lead to division-by-zero errors. Fix it by directly returning -EINVAL when such a case occurs. Additionally, since 'aggr_interval' is already required to be set no smaller than 'sample_interval' in damon_set_attrs(), only the case where 'sample_interval' is zero needs to be checked.

  • Published: Oct 1, 2025
  • Updated: Jan 17, 2026
  • CVE: CVE-2025-39909
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 6.0 6.1.153
linux / linux_kernel 6.2 6.6.107
linux / linux_kernel 6.7 6.12.48
linux / linux_kernel 6.13 6.16.8
linux / linux_kernel 6.17-rc1 6.17-rc1.x
linux / linux_kernel 6.17-rc2 6.17-rc2.x
linux / linux_kernel 6.17-rc3 6.17-rc3.x
linux / linux_kernel 6.17-rc4 6.17-rc4.x
linux / linux_kernel 6.17-rc5 6.17-rc5.x
debian / debian_linux 11.0 11.0.x