CVE-2025-39742 – A divide-by-zero vulnerability in the Linux ker... (How to Fix)

Q: What is the severity of CVE-2025-39742?

CVE-2025-39742 has a CVSS score of 5.5 (MEDIUM). A divide-by-zero vulnerability in the Linux kernel's RDMA hfi1 driver could cause kernel panic or system crash when the find_hw_thread_mask() function executes with zero num_core_siblings. This affects systems using RDMA hardware with the hfi1 driver, primarily in HPC and data center environments.

📋 TL;DR

A divide-by-zero vulnerability in the Linux kernel's RDMA hfi1 driver could cause kernel panic or system crash when the find_hw_thread_mask() function executes with zero num_core_siblings. This affects systems using RDMA hardware with the hfi1 driver, primarily in HPC and data center environments.

💻 Affected Systems

Products:

Linux kernel with hfi1 RDMA driver

Versions: Specific kernel versions containing the vulnerable code (check git commits for exact ranges)

Operating Systems: Linux distributions with affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when RDMA hardware with hfi1 driver is present and being used.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially affecting multiple systems in clustered environments.

🟠

Likely Case

System crash or instability when RDMA operations trigger the vulnerable code path, causing service disruption.

🟢

If Mitigated

No impact if the vulnerable code path isn't triggered or if systems don't use RDMA with hfi1 driver.

🌐 Internet-Facing: LOW - RDMA typically operates on internal networks and requires local access.

🏢 Internal Only: MEDIUM - Could affect internal systems using RDMA for high-performance computing or storage.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to trigger RDMA operations on affected hardware; not remotely exploitable without local access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits (1a7cf828ed861de5be1aff99e10f114b363c19d3 and related)

Vendor Advisory: https://git.kernel.org/stable/c/1a7cf828ed861de5be1aff99e10f114b363c19d3

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Reboot system. 3. Verify kernel version and that hfi1 module loads correctly.

🔧 Temporary Workarounds

Disable hfi1 RDMA driver

Linux

Prevent loading of vulnerable kernel module

echo 'blacklist hfi1' >> /etc/modprobe.d/blacklist-hfi1.conf
rmmod hfi1
update-initramfs -u

🧯 If You Can't Patch

Disable RDMA functionality if not required
Restrict access to systems using RDMA to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check if hfi1 module is loaded: lsmod | grep hfi1. Check kernel version against affected ranges.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Test RDMA functionality remains operational.

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
Divide error or trap messages in dmesg
System crash/reboot logs

Network Indicators:

Unexpected RDMA connection failures

SIEM Query:

source="kernel" AND ("divide error" OR "panic" OR "Oops") AND process="hfi1"

📊 Metadata

CVE ID: CVE-2025-39742

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-369

EPSS Score: 0.01% exploit probability (1th percentile)

Published: September 11, 2025

Last Updated: January 9, 2026

🔗 References

https://git.kernel.org/stable/c/1a7cf828ed861de5be1aff99e10f114b363c19d3 Patch
https://git.kernel.org/stable/c/31d0599a23efdbfe579bfbd1eb8f8c942f13744d Patch
https://git.kernel.org/stable/c/4b4317b0d758ff92ba96f4e448a8992a6fe607bf Patch
https://git.kernel.org/stable/c/59f7d2138591ef8f0e4e4ab5f1ab674e8181ad3a Patch
https://git.kernel.org/stable/c/89fdac333a17ed990b41565630ef4791782e02f5 Patch
https://git.kernel.org/stable/c/9b05e91afe948ed819bf87d7ba0fccf451ed79a6 Patch
https://git.kernel.org/stable/c/9bba1a9994c523b44db64f63b564b4719ea2b7ef Patch
https://git.kernel.org/stable/c/9d3211cb61a0773a2440d0a0698c1e6e7429f907 Patch
https://git.kernel.org/stable/c/ac53f377393cc85156afdc90b636e84e544a6f96 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory,Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory,Mailing List

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-39742, you might also want to check these: