How the CVE Works
The vulnerability is in the Data Access MONitor (DAMON) subsystem of the Linux kernel. The function `damon_get_intervals_score()` performs calculations for region scoring, and one of those calculations divides by the total size of a memory region (`region->ar.end - region->ar.start`). If a DAMON region is configured with equal start and end addresses, its size is zero. The function then hits a divide-by-zero error when it calculates the score, causing a kernel oops and potentially crashing the system. The same crash can occur if the `intervals_goal.access_bp` metric is zero during the calculation. The kernel maintainers fixed the bug by adding checks that prevent the division when these values are zero.
DailyCVE Form
Platform: Linux Kernel
Version: DAMON subsystem
Vulnerability: Divide-by-zero
Severity: Medium
Date: 2025-08-16
Prediction: Patch expected 2025-08-23
What Undercode Say:
Analytics
`cat /proc/vmallocinfo | grep damon`
`dmesg | grep "divide error"`
`perf record -a -g -e faults -- sleep 1`
How Exploit
A malicious user creates a zero-size DAMON region via sysfs, triggering a kernel crash during access scoring.
Protection from this CVE
Update kernel; Apply patch; Avoid zero-size regions.
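An audit for the "Avoid zero-size regions" advice, added here as an example and not taken from the original page or the kernel project: it walks the DAMON sysfs tree and lists every target region whose `start` equals `end`. It assumes the standard DAMON sysfs layout under `/sys/kernel/mm/damon/admin`; the function name `find_zero_size_regions` and the `DAMON_ROOT` variable are hypothetical.

```shell
#!/bin/sh
# Added example: report DAMON target regions configured with start == end,
# the zero-size condition described above. Read-only; changes nothing.
# Assumed layout: <root>/kdamonds/N/contexts/N/targets/N/regions/N/{start,end}

# Print "<region dir> start=<addr> end=<addr>" for each zero-size region
# found under the sysfs root given as $1. Always returns 0.
find_zero_size_regions() {
    root=${1:-/sys/kernel/mm/damon/admin}
    # Trailing slash limits the glob to region directories (skips nr_regions).
    for region in "$root"/kdamonds/*/contexts/*/targets/*/regions/*/; do
        # Unmatched glob or unreadable files (not root): nothing to check.
        [ -r "${region}start" ] && [ -r "${region}end" ] || continue
        start=$(cat "${region}start")
        end=$(cat "${region}end")
        # Only compare well-formed decimal addresses.
        case "$start" in ''|*[!0-9]*) continue ;; esac
        case "$end" in ''|*[!0-9]*) continue ;; esac
        # String comparison avoids overflow on 64-bit addresses.
        if [ "$start" = "$end" ]; then
            echo "${region%/} start=$start end=$end"
        fi
    done
    return 0
}

# DAMON_ROOT (hypothetical variable) lets the check run against a copy of
# the tree or a constructed test directory instead of live sysfs.
find_zero_size_regions "${DAMON_ROOT:-/sys/kernel/mm/damon/admin}"
```

Run it as root on hosts that use the DAMON sysfs interface; any line of output names a region that should be corrected or removed before monitoring is turned on.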
Impact
Kernel oops; Denial-of-service; System instability.
Sources:
Reported By: nvd.nist.gov

