| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091139-CVE-2025-39742-37e8@gregkh> Date: Thu, 11 Sep 2025 18:52:43 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() The function divides number of online CPUs by num_core_siblings, and later checks the divider by zero. This implies a possibility to get and divide-by-zero runtime error. Fix it by moving the check prior to division. This also helps to save one indentation level. The Linux kernel CVE team has assigned CVE-2025-39742 to this issue. Affected and fixed versions =========================== Fixed in 5.4.297 with commit 9bba1a9994c523b44db64f63b564b4719ea2b7ef Fixed in 5.10.241 with commit 1a7cf828ed861de5be1aff99e10f114b363c19d3 Fixed in 5.15.190 with commit 9d3211cb61a0773a2440d0a0698c1e6e7429f907 Fixed in 6.1.149 with commit 4b4317b0d758ff92ba96f4e448a8992a6fe607bf Fixed in 6.6.103 with commit 89fdac333a17ed990b41565630ef4791782e02f5 Fixed in 6.12.43 with commit 9b05e91afe948ed819bf87d7ba0fccf451ed79a6 Fixed in 6.15.11 with commit 31d0599a23efdbfe579bfbd1eb8f8c942f13744d Fixed in 6.16.2 with commit ac53f377393cc85156afdc90b636e84e544a6f96 Fixed in 6.17-rc1 with commit 59f7d2138591ef8f0e4e4ab5f1ab674e8181ad3a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-39742 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/infiniband/hw/hfi1/affinity.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/9bba1a9994c523b44db64f63b564b4719ea2b7ef https://git.kernel.org/stable/c/1a7cf828ed861de5be1aff99e10f114b363c19d3 https://git.kernel.org/stable/c/9d3211cb61a0773a2440d0a0698c1e6e7429f907 https://git.kernel.org/stable/c/4b4317b0d758ff92ba96f4e448a8992a6fe607bf https://git.kernel.org/stable/c/89fdac333a17ed990b41565630ef4791782e02f5 https://git.kernel.org/stable/c/9b05e91afe948ed819bf87d7ba0fccf451ed79a6 https://git.kernel.org/stable/c/31d0599a23efdbfe579bfbd1eb8f8c942f13744d https://git.kernel.org/stable/c/ac53f377393cc85156afdc90b636e84e544a6f96 https://git.kernel.org/stable/c/59f7d2138591ef8f0e4e4ab5f1ab674e8181ad3a
Powered by blists - more mailing lists