CVE-2025-38519

5.5 MEDIUM

📋 TL;DR

A divide-by-zero vulnerability in the Linux kernel's DAMON (Data Access MONitor) subsystem can cause kernel crashes when monitoring zero-size memory regions or when access_bp is zero. This affects Linux systems using DAMON for memory access monitoring, potentially leading to denial of service. The vulnerability requires local access to trigger.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Versions containing vulnerable DAMON code prior to fixes in stable trees
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when DAMON subsystem is enabled and being used for memory monitoring. Most systems don't use DAMON by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.

🟠 Likely Case: Local user or process triggers kernel crash causing system instability and temporary unavailability.

🟢 If Mitigated: Minimal impact as it requires local access and specific DAMON usage patterns.

🌐 Internet-Facing: LOW - Requires local access to trigger, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes could intentionally or accidentally trigger system crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to interact with DAMON subsystem. Not trivial to exploit without specific knowledge of DAMON usage.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits bd225b9591442065beb876da72656f4a2d627d03 and ca4bb9ac706f05ead8ac1cce7b8245fc0645a687

Vendor Advisory: https://git.kernel.org/stable/c/bd225b9591442065beb876da72656f4a2d627d03

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable DAMON subsystem

Prevent use of DAMON memory monitoring feature if not required:

echo 'blacklist damon' >> /etc/modprobe.d/blacklist.conf
reboot

🧯 If You Can't Patch

  • Restrict local user access to systems where DAMON might be used
  • Monitor system logs for kernel panic messages related to divide errors

🔍 How to Verify

Check if Vulnerable:

Check if DAMON is enabled: lsmod | grep damon and check kernel version against patched releases

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: uname -r and check with distribution vendor
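
An added check, not part of the advisory, for the two conditions in the notes above: whether DAMON is compiled into the kernel and whether any monitoring worker is active. It assumes a readable kernel config (for example /boot/config-$(uname -r) or /proc/config.gz) and that the DAMON sysfs interface lives under /sys/kernel/mm/damon/admin; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the advisory. Paths are parameters so the checks
# can run against a copied config file or a test directory tree.

# Print builtin | module | disabled | unknown for CONFIG_DAMON in a config file.
damon_build_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case $cfg in
        *.gz) line=$(gzip -dc "$cfg" | grep -E '^(# )?CONFIG_DAMON[= ]' || true) ;;
        *)    line=$(grep -E '^(# )?CONFIG_DAMON[= ]' "$cfg" || true) ;;
    esac
    case $line in
        CONFIG_DAMON=y) echo builtin ;;   # built in: lsmod will not list it
        CONFIG_DAMON=m) echo module ;;
        *)              echo disabled ;;  # "is not set" or symbol absent
    esac
}

# Count kdamond worker entries whose sysfs state file reads "on".
# Default path is the assumed DAMON sysfs location.
damon_running_count() {
    admin=${1:-/sys/kernel/mm/damon/admin}
    n=0
    for f in "$admin"/kdamonds/*/state; do
        [ -r "$f" ] || continue           # unmatched glob: nothing configured
        if [ "$(cat "$f")" = on ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Constructed sample: a built-in DAMON with one of two kdamonds running.
demo=$(mktemp -d)
printf '%s\n' 'CONFIG_DAMON=y' 'CONFIG_DAMON_SYSFS=y' > "$demo/config"
mkdir -p "$demo/admin/kdamonds/0" "$demo/admin/kdamonds/1"
echo on  > "$demo/admin/kdamonds/0/state"
echo off > "$demo/admin/kdamonds/1/state"
echo "build=$(damon_build_state "$demo/config") running=$(damon_running_count "$demo/admin")"
rm -rf "$demo"
```

A builtin result means DAMON will not appear in lsmod output and a modprobe blacklist entry does not apply to it, because both act only on loadable modules.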

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages with 'divide error' in dmesg or system logs
  • Oops messages referencing damon_get_intervals_score()

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("divide error" OR "Oops" OR "damon_get_intervals_score")
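
The OR query above also matches any unrelated Oops or divide error. The following added example, not part of the advisory, alerts only when a divide error report names damon_get_intervals_score() before its trace ends; the log lines are constructed and the 40-line window is an assumption.

```shell
#!/bin/sh
# Added example, not from the advisory: alert only when a "divide error"
# report also names damon_get_intervals_score() before its trace ends.

# Reads kernel log text on stdin, prints one ALERT line per matching report.
damon_div_alerts() {
    awk -v window=40 '
        /divide error/ { start = NR; header = $0 }
        start && NR - start <= window && /damon_get_intervals_score/ {
            print "ALERT line " start ": " header
            start = 0                     # one alert per crash report
        }
        /end trace/ { start = 0 }         # report finished without a match
    '
}

# The advisory query as a plain OR, for comparison of match counts.
broad_query_hits() {
    grep -E -c 'divide error|Oops|damon_get_intervals_score' || true
}

# Constructed sample log (not captured from a real system).
sample_log() {
    cat <<'EOF'
[  101.000001] divide error: 0000 [#1] PREEMPT SMP NOPTI
[  101.000002] CPU: 2 PID: 4242 Comm: kdamond.0 Not tainted
[  101.000003] RIP: 0010:damon_get_intervals_score+0x5e/0x120
[  101.000004] ---[ end trace 0000000000000000 ]---
[  202.000001] divide error: 0000 [#2] PREEMPT SMP NOPTI
[  202.000002] RIP: 0010:example_driver_fn+0x10/0x40
[  202.000003] ---[ end trace 0000000000000000 ]---
[  303.000001] Oops: general protection fault, probably for non-canonical address
EOF
}

sample_log | damon_div_alerts
echo "broad query matched $(sample_log | broad_query_hits) lines"
```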
