CVE-2025-38072
📋 TL;DR
A divide-by-zero vulnerability in the Linux kernel's libnvdimm driver occurs when a faulty CXL memory device reports a zero LSA size, causing a kernel panic. This affects systems using CXL memory devices with vulnerable kernel versions. The vulnerability requires physical or administrative access to trigger via a malicious or faulty hardware device.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash when a faulty CXL memory device is connected or when malicious hardware is attached by an attacker with physical access.
If Mitigated
No impact if systems don't use CXL memory devices or have patched kernels.
🎯 Exploit Status
Exploitation requires either a malicious CXL device or ability to simulate one through driver manipulation. Not remotely exploitable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel commits: 1d1e1efad1cf, 2bd4a938d2ed, 396c46d3f59a, db1aef51b8e6, e14347f647ca
Vendor Advisory: https://git.kernel.org/stable/c/1d1e1efad1cf049e888bf175a5c6be85d792620c
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fixes. 2. Check distribution security advisories. 3. Reboot system after kernel update. 4. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable CXL memory device support
linuxPrevent loading of libnvdimm driver or blacklist CXL modules to avoid vulnerability trigger.
modprobe -r cxl_pmem
echo 'blacklist cxl_pmem' >> /etc/modprobe.d/blacklist.conf
Restrict physical access
allPrevent unauthorized hardware connections to systems using CXL memory devices.
🧯 If You Can't Patch
- Restrict physical access to servers to prevent malicious hardware connections.
- Monitor system logs for kernel panic events related to libnvdimm or CXL drivers.
🔍 How to Verify
Check if Vulnerable:
Check if CXL memory devices are present and kernel version is unpatched: lspci | grep -i cxl && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: git log --oneline | grep -E '(1d1e1efad1cf|2bd4a938d2ed|396c46d3f59a|db1aef51b8e6|e14347f647ca)'📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages containing 'divide error' or 'nd_label_data_init'
- System crash/reboot events after CXL device connection
- dmesg errors mentioning libnvdimm or CXL drivers
Network Indicators:
- None - local hardware vulnerability
SIEM Query:
source="kernel" AND ("divide error" OR "nd_label_data_init" OR "libnvdimm" OR "CXL")🔗 References
- https://git.kernel.org/stable/c/1d1e1efad1cf049e888bf175a5c6be85d792620c
- https://git.kernel.org/stable/c/2bd4a938d2eda96ab7288b8fa5aae84a1de8c4ca
- https://git.kernel.org/stable/c/396c46d3f59a18ebcc500640e749f16e197d472b
- https://git.kernel.org/stable/c/db1aef51b8e66a77f76b1250b914589c31a0a0ed
- https://git.kernel.org/stable/c/e14347f647ca6d76fe1509b6703e340f2d5e2716
- https://git.kernel.org/stable/c/ea3d95e05e97ea20fd6513f647393add16fce3b2
- https://git.kernel.org/stable/c/ef1d3455bbc1922f94a91ed58d3d7db440652959
- https://git.kernel.org/stable/c/f49c337037df029440a8390380dd35d2cf5924d3
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
