1. Home
  2. Vulnerabilities
  3. CVE-2025-39681
5.5
MEDIUM CVSS 3.1
CVE-2025-39681
x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
Description

In the Linux kernel, the following vulnerability has been resolved: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Since 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") resctrl_cpu_detect() has been moved from common CPU initialization code to the vendor-specific BSP init helper, while Hygon didn't put that call in their code. This triggers a division by zero fault during early booting stage on our machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale. Add the missing resctrl_cpu_detect() in the Hygon BSP init helper. [ bp: Massage commit message. ]

INFO

Published Date :

Sept. 5, 2025, 6:15 p.m.

Last Modified :

Jan. 8, 2026, 3:33 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2025-39681 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
1 Debian debian_linux
: Total Affected Vendor : 2 | Products : 2
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM [email protected]
Solution
Apply kernel patches to fix a division by zero fault during early boot.
  • Apply the provided kernel patches to the Linux system.
  • Reboot the system after applying the patches.
  • Verify that the system boots without division by zero errors.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-39681.

URL Resource
https://git.kernel.org/stable/c/62f12cde10118253348a7540e85606869bd69432 Patch
https://git.kernel.org/stable/c/7207923d8453ebfb35667c1736169f2dd796772e Patch
https://git.kernel.org/stable/c/873f32201df8876bdb2563e3187e79149427cab4 Patch
https://git.kernel.org/stable/c/a9e5924daa954c9f585c1ca00358afe71d6781c4 Patch
https://git.kernel.org/stable/c/d23264c257a70dbe021b43b3bc2ee16134cd2c69 Patch
https://git.kernel.org/stable/c/d8df126349dad855cdfedd6bbf315bad2e901c2f Patch
https://git.kernel.org/stable/c/fb81222c1559f89bfe3aa1010f6d112531d55353 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-39681 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-39681 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-39681 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-39681 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jan. 08, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.103 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.190 *cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.44 *cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.16.4 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.149 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.8 up to (excluding) 5.10.242
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/62f12cde10118253348a7540e85606869bd69432 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/7207923d8453ebfb35667c1736169f2dd796772e Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/873f32201df8876bdb2563e3187e79149427cab4 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/a9e5924daa954c9f585c1ca00358afe71d6781c4 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/d23264c257a70dbe021b43b3bc2ee16134cd2c69 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/d8df126349dad855cdfedd6bbf315bad2e901c2f Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/fb81222c1559f89bfe3aa1010f6d112531d55353 Types: Patch
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Types: Third Party Advisory
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Types: Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 03, 2025

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Added Reference https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Sep. 08, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/62f12cde10118253348a7540e85606869bd69432
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Sep. 05, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Since 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") resctrl_cpu_detect() has been moved from common CPU initialization code to the vendor-specific BSP init helper, while Hygon didn't put that call in their code. This triggers a division by zero fault during early booting stage on our machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale. Add the missing resctrl_cpu_detect() in the Hygon BSP init helper. [ bp: Massage commit message. ]
    Added Reference https://git.kernel.org/stable/c/7207923d8453ebfb35667c1736169f2dd796772e
    Added Reference https://git.kernel.org/stable/c/873f32201df8876bdb2563e3187e79149427cab4
    Added Reference https://git.kernel.org/stable/c/a9e5924daa954c9f585c1ca00358afe71d6781c4
    Added Reference https://git.kernel.org/stable/c/d23264c257a70dbe021b43b3bc2ee16134cd2c69
    Added Reference https://git.kernel.org/stable/c/d8df126349dad855cdfedd6bbf315bad2e901c2f
    Added Reference https://git.kernel.org/stable/c/fb81222c1559f89bfe3aa1010f6d112531d55353
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 5.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact