CVE-2025-21874

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21874
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21874.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-21874
Downstream
Related
Published
2025-03-27T15:15:55Z
Modified
2025-03-27T20:00:22Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

dm-integrity: Avoid divide by zero in table status in Inline mode

In Inline mode, the journal is unused, and journal_sectors is zero.

Calculating the journal watermark requires dividing by journal_sectors, which should be done only if the journal is configured.

Otherwise, a simple table query (dmsetup table) can cause OOPS.

This bug did not show on some systems, perhaps only due to compiler optimization.

On my 32-bit testing machine, this reliably crashes with the following:

: Oops: divide error: 0000 [#1] PREEMPT SMP : CPU: 0 UID: 0 PID: 2450 Comm: dmsetup Not tainted 6.14.0-rc2+ #959 : EIP: dmintegritystatus+0x2f8/0xab0 [dm_integrity] ...

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.19-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}