{"id":"AZL-68013","summary":"CVE-2025-39909 affecting package kernel for versions less than 6.6.112.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()\n\nPatch series \"mm/damon: avoid divide-by-zero in DAMON module's parameters\napplication\".\n\nDAMON's RECLAIM and LRU_SORT modules perform no validation on\nuser-configured parameters during application, which may lead to\ndivision-by-zero errors.\n\nAvoid the divide-by-zero by adding validation checks when DAMON modules\nattempt to apply the parameters.\n\n\nThis patch (of 2):\n\nDuring the calculation of 'hot_thres' and 'cold_thres', either\n'sample_interval' or 'aggr_interval' is used as the divisor, which may\nlead to division-by-zero errors.  Fix it by directly returning -EINVAL\nwhen such a case occurs.  Additionally, since 'aggr_interval' is already\nrequired to be set no smaller than 'sample_interval' in damon_set_attrs(),\nonly the case where 'sample_interval' is zero needs to be checked.","modified":"2026-04-01T05:21:50.840614Z","published":"2025-10-01T08:15:33Z","upstream":["CVE-2025-39909"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39909"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.112.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68013.json"}}],"schema_version":"1.7.5"}