CVE-2025-21874

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-21874

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21874.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-21874

Downstream

UBUNTU-CVE-2025-21874

USN-7521-1

USN-7521-3

Related

USN-7521-2

Published

2025-03-27T15:15:55Z

Modified

2025-03-27T20:00:22Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

dm-integrity: Avoid divide by zero in table status in Inline mode

In Inline mode, the journal is unused, and journal_sectors is zero.

Calculating the journal watermark requires dividing by journal_sectors, which should be done only if the journal is configured.

Otherwise, a simple table query (dmsetup table) can cause OOPS.

This bug did not show on some systems, perhaps only due to compiler optimization.

On my 32-bit testing machine, this reliably crashes with the following:

: Oops: divide error: 0000 [#1] PREEMPT SMP : CPU: 0 UID: 0 PID: 2450 Comm: dmsetup Not tainted 6.14.0-rc2+ #959 : EIP: dmintegritystatus+0x2f8/0xab0 [dm_integrity] ...

References

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.19-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}