CVE-2025-39681
Description
In the Linux kernel, the following vulnerability has been resolved:
x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
Since 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot"), resctrl_cpu_detect() has been moved from common CPU initialization code to the vendor-specific BSP init helper, while Hygon didn't put that call in their code.
This triggers a division by zero fault during early booting stage on our machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale.
Add the missing resctrl_cpu_detect() in the Hygon BSP init helper.
[ bp: Massage commit message. ]
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing resctrl_cpu_detect() in Hygon CPU init causes division-by-zero during boot on systems with CQM features.
The vulnerability is a missing call to resctrl_cpu_detect() in the Hygon vendor-specific BSP init helper, introduced by a prior commit that moved the detection from common code. Without this, boot_cpu_data.x86_cache_occ_scale remains uninitialized, causing a division-by-zero fault in get_rdt_mon_resources() when it calculates mon_l3_config. This affects Hygon CPUs with X86_FEATURE_CQM* support. [1]
The fault triggers automatically during early boot on affected systems; no authentication or network access is required. Every boot of a vulnerable kernel on such a system crashes, resulting in denial of service. An attacker needs only local access to trigger a reboot, or the system may crash on its own.
The impact is a complete system crash during boot, rendering the system unusable. This can cause downtime for devices such as Siemens SIMATIC CN 4100 that use vulnerable kernel versions. [1]
The fix is to add the missing resctrl_cpu_detect() call in the Hygon BSP init helper. Patches have been applied to the Linux kernel stable branches. [2][3][4] Users should update to patched kernels or backport the fix.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
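Added example (not part of the CVE record or the kernel patch): a triage check for the hardware precondition described above, a Hygon CPU that advertises X86_FEATURE_CQM* flags, run against a `/proc/cpuinfo` dump before rolling out a kernel in the affected range. The function names `hygon_cqm_check` and `sample_hygon_cpuinfo` are hypothetical, the sample input is constructed, and the check assumes the `HygonGenuine` vendor string and the `cqm*` flag names that `/proc/cpuinfo` uses; it does not tell you whether a given kernel build contains the fix.

```shell
#!/bin/sh
# Added example: hardware-precondition triage for CVE-2025-39681.
# hygon_cqm_check [FILE]   (FILE defaults to /proc/cpuinfo, "-" reads stdin)
#   prints "exposed", "not-hygon" or "no-cqm"; exit status 0 only for "exposed".
hygon_cqm_check() {
    awk -F': *' '
        # Vendor string of the first logical CPU listed.
        /^vendor_id/ && vendor == "" { vendor = $2 }
        # First flags line: look for any CQM feature flag (cqm, cqm_llc, ...).
        /^flags/ && !seen_flags {
            seen_flags = 1
            n = split($2, f, " ")
            for (i = 1; i <= n; i++)
                if (f[i] ~ /^cqm/) cqm = 1
        }
        END {
            if (vendor != "HygonGenuine") { print "not-hygon"; exit 1 }
            if (!cqm)                     { print "no-cqm";    exit 1 }
            print "exposed"
        }' "${1:-/proc/cpuinfo}"
}

# Constructed sample input (not captured from a real machine).
sample_hygon_cpuinfo() {
    cat <<'EOF'
processor       : 0
vendor_id       : HygonGenuine
flags           : fpu vme sse2 cqm_llc cqm_occup_llc cqm_mbm_total
EOF
}

sample_hygon_cpuinfo | hygon_cqm_check -    # prints: exposed
```

Hosts reported as `exposed` are the ones to hold back from a vulnerable kernel until a build containing the resctrl_cpu_detect() fix is available.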
Affected products
- Linux/Linux v5 Range: 5.8
Patches
No patches discovered yet.
References
- git.kernel.org/stable/c/62f12cde10118253348a7540e85606869bd69432 (nvd, Patch)
- git.kernel.org/stable/c/7207923d8453ebfb35667c1736169f2dd796772e (nvd, Patch)
- git.kernel.org/stable/c/873f32201df8876bdb2563e3187e79149427cab4 (nvd, Patch)
- git.kernel.org/stable/c/a9e5924daa954c9f585c1ca00358afe71d6781c4 (nvd, Patch)
- git.kernel.org/stable/c/d23264c257a70dbe021b43b3bc2ee16134cd2c69 (nvd, Patch)
- git.kernel.org/stable/c/d8df126349dad855cdfedd6bbf315bad2e901c2f (nvd, Patch)
- git.kernel.org/stable/c/fb81222c1559f89bfe3aa1010f6d112531d55353 (nvd, Patch)
- lists.debian.org/debian-lts-announce/2025/10/msg00007.html (nvd, Third Party Advisory)
- lists.debian.org/debian-lts-announce/2025/10/msg00008.html (nvd, Third Party Advisory)
- cert-portal.siemens.com/productcert/html/ssa-032379.html (nvd)
News mentions
- Siemens SIMATIC (CISA ICS Advisories)