CVE-2025-37740
📋 TL;DR
A divide-by-zero vulnerability in the Linux kernel's JFS filesystem can cause kernel panic when mounting filesystems with malformed allocation group metadata. This affects systems using JFS filesystem with vulnerable kernel versions, potentially leading to denial of service.
💻 Affected Systems
- Linux kernel with JFS filesystem support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot
Likely Case
System crash when mounting or accessing corrupted JFS filesystems, causing temporary service disruption
If Mitigated
No impact if patch is applied or JFS filesystem is not used
🎯 Exploit Status
Requires ability to create or corrupt JFS filesystem metadata. Likely requires local access or filesystem manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 722e72f7f9c69fcb3ab7988c2471feff7a4c8de1, a065cec230aa807c18828a3eee82f1c8592c2adf, a260bf14cd347878f01f70739ba829442a474a16, a741f29ac8b6374c9904be8b7ac7cdfcd7e7e4fa, c8c96a9e7660e5e5eea445978fe8f2e432d91c1f
Vendor Advisory: https://git.kernel.org/stable/c/722e72f7f9c69fcb3ab7988c2471feff7a4c8de1
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable JFS filesystem support
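Remove the JFS kernel module to prevent JFS filesystems from being mounted. The removal fails while a JFS filesystem is mounted and has no effect when JFS is built into the kernel rather than loaded as a module.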
modprobe -r jfs
echo 'blacklist jfs' >> /etc/modprobe.d/blacklist.conf
Avoid JFS filesystem usage
Use alternative filesystems and avoid mounting JFS partitions
# Do not mount JFS filesystems
# Use ext4, xfs, or btrfs instead
🧯 If You Can't Patch
- Restrict local user access to prevent filesystem manipulation
- Implement strict filesystem integrity monitoring and backup procedures
🔍 How to Verify
Check if Vulnerable:
Check if JFS module is loaded: lsmod | grep jfs. Check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version after update and ensure JFS module loads without issues
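The lsmod check above only sees JFS when it is a loaded module. The following added example (not part of the original advisory or of any vendor tooling) also reads the filesystem and mount tables, so built-in JFS and mounted JFS volumes are reported too; the function names and the four result labels are assumptions of this example.

```shell
#!/bin/sh
# Added example. Classifies JFS exposure from procfs-style inputs.
# Live use: jfs_exposure /proc/filesystems /proc/modules /proc/mounts

has_field() {  # has_field <file> <field-number|NF> <value>
    awk -v want="$3" -v col="$2" '
        { f = (col == "NF") ? $NF : $(col + 0) }
        f == want { found = 1 }
        END { exit !found }' "$1"
}

jfs_exposure() {  # jfs_exposure <filesystems> <modules> <mounts>
    if has_field "$3" 3 jfs; then
        echo "in-use"            # a JFS volume is mounted right now
    elif has_field "$2" 1 jfs; then
        echo "module-loaded"     # the case lsmod | grep jfs reports
    elif has_field "$1" NF jfs; then
        echo "built-in"          # registered with no module: compiled in
    else
        echo "not-registered"    # may still autoload if the module is installed
    fi
}

# Constructed sample data (not captured from a real host).
jfs_demo() {
    d=$(mktemp -d) || return 1
    printf 'nodev\tsysfs\nnodev\tproc\n\text4\n\tjfs\n' > "$d/filesystems"
    printf 'ext4 1150976 2 - Live 0x0000000000000000\n' > "$d/modules"
    printf '/dev/sda1 / ext4 rw,relatime 0 0\n' > "$d/mounts"
    jfs_exposure "$d/filesystems" "$d/modules" "$d/mounts"
    rm -rf "$d"
}

jfs_demo   # prints: built-in
```

A result of built-in means the module-removal workaround does not apply to that host, and only a patched kernel removes the exposure.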
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- Divide error or arithmetic exception in kernel logs
- JFS mount failures
Network Indicators:
- None - local filesystem vulnerability
SIEM Query:
source="kernel" AND ("divide error" OR "divide by zero" OR "kernel panic") AND "jfs"
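A kernel oops is written as many separate log lines, so the divide-error text and the JFS frame seldom land in the same event. The added example below (not from the original advisory) compares a same-line match with a correlation across the lines of one oops; the sample log is constructed, and jfs_placeholder_fn and other_placeholder_fn are made-up symbol names.

```shell
#!/bin/sh
# Added example. Keyed on the divide-error terms of the query above.

same_line_hits() {   # literal reading of the query: both terms on one line
    awk '{ l = tolower($0) }
         l ~ /divide error|divide by zero/ && l ~ /jfs/ { n++ }
         END { print n + 0 }' "$1"
}

correlated_hits() {  # divide error, then a jfs frame before the oops ends
    awk '{ l = tolower($0) }
         l ~ /divide error|divide by zero/ { in_oops = 1; seen = 0 }
         # "Modules linked in:" names jfs in any oops while the module is loaded
         in_oops && !seen && l ~ /jfs/ && l !~ /modules linked in/ { seen = 1; n++ }
         l ~ /end trace/ { in_oops = 0 }
         END { print n + 0 }' "$1"
}

write_sample_log() { # constructed kernel log, not from a real system
    cat > "$1" <<'EOF'
[  101.000001] divide error: 0000 [#1] PREEMPT SMP
[  101.000002] CPU: 1 PID: 4242 Comm: mount Not tainted
[  101.000003] RIP: 0010:jfs_placeholder_fn+0x1a/0x50 [jfs]
[  101.000004] Call Trace:
[  101.000005] ---[ end trace 0000000000000000 ]---
[  205.000001] divide error: 0000 [#2] PREEMPT SMP
[  205.000002] Modules linked in: jfs ext4
[  205.000003] RIP: 0010:other_placeholder_fn+0x10/0x40
[  205.000004] ---[ end trace 0000000000000000 ]---
[  300.000001] jfs: constructed message outside any oops
EOF
}

demo() {
    log=$(mktemp) || return 1
    write_sample_log "$log"
    echo "same-line: $(same_line_hits "$log")  correlated: $(correlated_hits "$log")"
    rm -f "$log"
}

demo   # prints: same-line: 0  correlated: 1
```

In a SIEM the same effect needs events grouped per host and time window before the two terms are combined.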
🔗 References
- https://git.kernel.org/stable/c/722e72f7f9c69fcb3ab7988c2471feff7a4c8de1
- https://git.kernel.org/stable/c/a065cec230aa807c18828a3eee82f1c8592c2adf
- https://git.kernel.org/stable/c/a260bf14cd347878f01f70739ba829442a474a16
- https://git.kernel.org/stable/c/a741f29ac8b6374c9904be8b7ac7cdfcd7e7e4fa
- https://git.kernel.org/stable/c/c8c96a9e7660e5e5eea445978fe8f2e432d91c1f
- https://git.kernel.org/stable/c/cc0bc4cb62ce5fa0c383e3bf0765d01f46bd49ac
- https://git.kernel.org/stable/c/ccd97c8a4f90810f228ee40d1055148fa146dd57
- https://git.kernel.org/stable/c/ddf2846f22e8575d6b4b6a66f2100f168b8cd73d
- https://git.kernel.org/stable/c/e3f85edb03183fb06539e5b50dd2c4bb42b869f0
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html