CVE-2025-37769: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37769 is a division by zero vulnerability discovered in the Linux kernel's AMD GPU driver component (drm/amd/pm/smu11). The vulnerability was identified by the Linux Verification Center (linuxtesting.org) using the SVACE tool and was disclosed in May 2025 (NVD, Wiz).

The vulnerability exists in the drm/amd/pm/smu11 component where a user can set any speed value. If the speed value is greater than UINT_MAX/8, a division by zero condition becomes possible. The issue was addressed in commit da7dc714a8f8e1c9fc33c57cd63583779a3bef71. Red Hat has assigned a CVSS v3.1 base score of 5.5 with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).

The vulnerability affects various Linux distributions including Debian bookworm and trixie versions, while Debian bullseye is not affected as the vulnerable code is not present in this version. The vulnerability has been rated as MEDIUM severity for Ubuntu versions 16.04 through 25.04 (Wiz).

Several Linux distributions have released fixes for this vulnerability. Debian has addressed the issue in bookworm with version 6.1.135-1 and in sid with version 6.12.25-1. Red Hat Enterprise Linux versions 6 through 9 are not affected by this vulnerability (Debian Tracker, Red Hat).