CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
577 vulnerabilities reference this CWE, most recent first.
GHSA-FP6Q-4PVX-CXR2
Vulnerability from github – Published: 2022-05-14 01:14 – Updated: 2025-04-20 03:38In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.
{
"affected": [],
"aliases": [
"CVE-2017-9344"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-02T05:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.",
"id": "GHSA-fp6q-4pvx-cxr2",
"modified": "2025-04-20T03:38:24Z",
"published": "2022-05-14T01:14:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9344"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1539"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6308ae03d82a29a2e3d75e1c325c8a9f6c44dcdf"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6308ae03d82a29a2e3d75e1c325c8a9f6c44dcdf"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00031.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2017-29.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98796"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038612"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FR4W-MGC4-CH5C
Vulnerability from github – Published: 2022-06-28 00:00 – Updated: 2022-07-08 00:00When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception.
{
"affected": [],
"aliases": [
"CVE-2021-33651"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-27T17:15:00Z",
"severity": "HIGH"
},
"details": "When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception.",
"id": "GHSA-fr4w-mgc4-ch5c",
"modified": "2022-07-08T00:00:45Z",
"published": "2022-06-28T00:00:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33651"
},
{
"type": "WEB",
"url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FR7X-FW4F-WMVR
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
{
"affected": [],
"aliases": [
"CVE-2018-1152"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-18T14:29:00Z",
"severity": "MODERATE"
},
"details": "libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.",
"id": "GHSA-fr7x-fw4f-wmvr",
"modified": "2022-05-13T01:24:46Z",
"published": "2022-05-13T01:24:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1152"
},
{
"type": "WEB",
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3706-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3706-2"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2018-17"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104543"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FV5W-43HW-M7H2
Vulnerability from github – Published: 2022-05-17 03:01 – Updated: 2025-04-20 03:32The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image.
{
"affected": [],
"aliases": [
"CVE-2016-8697"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-31T22:59:00Z",
"severity": "MODERATE"
},
"details": "The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image.",
"id": "GHSA-fv5w-43hw-m7h2",
"modified": "2025-04-20T03:32:04Z",
"published": "2022-05-17T03:01:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8697"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/11"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/12"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93778"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FWVW-9M43-MJ3M
Vulnerability from github – Published: 2022-05-14 03:14 – Updated: 2025-04-20 03:44The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.
{
"affected": [],
"aliases": [
"CVE-2017-14106"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-01T16:29:00Z",
"severity": "MODERATE"
},
"details": "The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.",
"id": "GHSA-fwvw-9m43-mj3m",
"modified": "2025-04-20T03:44:16Z",
"published": "2022-05-14T03:14:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14106"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/499350a5a6e7512d9ed369ed63a4244b6536f4f8"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2918"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2930"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2931"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3200"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2172"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/netdev%40vger.kernel.org/msg186255.html"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/netdev@vger.kernel.org/msg186255.html"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=499350a5a6e7512d9ed369ed63a4244b6536f4f8"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3981"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100878"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039549"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FX5X-Q37W-XXVR
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-09 21:32In the Linux kernel, the following vulnerability has been resolved:
md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
setup_geo() extracts near_copies (nc) and far_copies (fc) from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout selected, 'geo->far_set_size = disks / fc' triggers a divide-by-zero.
Validate nc and fc immediately after extraction, returning -1 if either is zero.
{
"affected": [],
"aliases": [
"CVE-2026-46161"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix divide-by-zero in setup_geo() with zero far_copies\n\nsetup_geo() extracts near_copies (nc) and far_copies (fc) from the\nuser-provided layout parameter without checking for zero. When fc=0\nwith the \"improved\" far set layout selected, \u0027geo-\u003efar_set_size =\ndisks / fc\u0027 triggers a divide-by-zero.\n\nValidate nc and fc immediately after extraction, returning -1 if\neither is zero.",
"id": "GHSA-fx5x-q37w-xxvr",
"modified": "2026-06-09T21:32:19Z",
"published": "2026-05-28T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46161"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b43a70394ce492274e67463326be03e0a9897c5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4af2e558e6fdfb972c61350653fd55d1f62b60a5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/553e32adfa1a96b217651139a3f8c3b92b9984ac"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/913d556e4bd1b56ed822815655b82c7bb54edc51"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9aa6d860b0930e2f72795665c42c44252a558a0c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9d8e03b9a2b1e8ce5c198bf3a409a629f4d02cda"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c716ab3034f84f8a6c226814247b8c5ac9f95da1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f9ddb621b2325eb69c95692958daf2bab4dea2c4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FXG7-4Q6M-P84H
Vulnerability from github – Published: 2022-08-27 00:00 – Updated: 2022-09-01 00:00A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.
{
"affected": [],
"aliases": [
"CVE-2021-4216"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-26T16:15:00Z",
"severity": "MODERATE"
},
"details": "A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.",
"id": "GHSA-fxg7-4q6m-p84h",
"modified": "2022-09-01T00:00:17Z",
"published": "2022-08-27T00:00:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4216"
},
{
"type": "WEB",
"url": "https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=704834"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FXQH-CFJM-FP93
Vulnerability from github – Published: 2021-05-21 14:24 – Updated: 2024-10-31 20:54Impact
An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.Reverse:
import tensorflow as tf
tensor_input = tf.constant([], shape=[0, 1, 1], dtype=tf.int32)
dims = tf.constant([False, True, False], shape=[3], dtype=tf.bool)
tf.raw_ops.Reverse(tensor=tensor_input, dims=dims)
This is because the implementation performs a division based on the first dimension of the tensor argument:
const int64 N = input.dim_size(0);
const int64 cost_per_unit = input.NumElements() / N;
Since this is controlled by the user, an attacker can trigger a denial of service.
Patches
We have patched the issue in GitHub commit 4071d8e2f6c45c1955a811fee757ca2adbe462c1.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29556"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T20:48:50Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nAn attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.Reverse`:\n\n```python\nimport tensorflow as tf\n\ntensor_input = tf.constant([], shape=[0, 1, 1], dtype=tf.int32)\ndims = tf.constant([False, True, False], shape=[3], dtype=tf.bool)\n\ntf.raw_ops.Reverse(tensor=tensor_input, dims=dims)\n``` \n \nThis is because the [implementation](https://github.com/tensorflow/tensorflow/blob/36229ea9e9451dac14a8b1f4711c435a1d84a594/tensorflow/core/kernels/reverse_op.cc#L75-L76) performs a division based on the first dimension of the tensor argument:\n \n```cc\nconst int64 N = input.dim_size(0);\nconst int64 cost_per_unit = input.NumElements() / N;\n```\n\nSince this is controlled by the user, an attacker can trigger a denial of service.\n\n### Patches\nWe have patched the issue in GitHub commit [4071d8e2f6c45c1955a811fee757ca2adbe462c1](https://github.com/tensorflow/tensorflow/commit/4071d8e2f6c45c1955a811fee757ca2adbe462c1).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.",
"id": "GHSA-fxqh-cfjm-fp93",
"modified": "2024-10-31T20:54:11Z",
"published": "2021-05-21T14:24:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxqh-cfjm-fp93"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29556"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/4071d8e2f6c45c1955a811fee757ca2adbe462c1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-484.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-682.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-193.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Division by 0 in `Reverse`"
}
GHSA-FXR3-XPPX-FCGP
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: sysfs: Prevent div by zero
Prevent a division by 0 when monitoring is not enabled.
{
"affected": [],
"aliases": [
"CVE-2024-56622"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T15:15:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: sysfs: Prevent div by zero\n\nPrevent a division by 0 when monitoring is not enabled.",
"id": "GHSA-fxr3-xppx-fcgp",
"modified": "2025-11-03T21:31:56Z",
"published": "2024-12-27T15:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56622"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0069928727c2e95ca26c738fbe6e4b241aeaaf08"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7b21233e5f72d10f08310689f993c1dbdfde9f2c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/87bf3ea841a5d77beae6bb85af36b2b3848407ee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9c191055c7abea4912fdb83cb9b261732b25a0c8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eb48e9fc0028bed94a40a9352d065909f19e333c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G295-3QG8-VF4W
Vulnerability from github – Published: 2025-10-09 12:30 – Updated: 2026-02-03 15:30In the Linux kernel, the following vulnerability has been resolved:
clk: sunxi-ng: mp: Fix dual-divider clock rate readback
When dual-divider clock support was introduced, the P divider offset was left out of the .recalc_rate readback function. This causes the clock rate to become bogus or even zero (possibly due to the P divider being 1, leading to a divide-by-zero).
Fix this by incorporating the P divider offset into the calculation.
{
"affected": [],
"aliases": [
"CVE-2025-39954"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-09T10:15:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: mp: Fix dual-divider clock rate readback\n\nWhen dual-divider clock support was introduced, the P divider offset was\nleft out of the .recalc_rate readback function. This causes the clock\nrate to become bogus or even zero (possibly due to the P divider being\n1, leading to a divide-by-zero).\n\nFix this by incorporating the P divider offset into the calculation.",
"id": "GHSA-g295-3qg8-vf4w",
"modified": "2026-02-03T15:30:20Z",
"published": "2025-10-09T12:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39954"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/25fbbaf515acd13399589bd5ee6de5f35740cef2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/40108f69c372af3aea73e7829d6849a44638d662"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.