Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A division by zero vulnerability has been identified in the Linux kernel's BFQ (Budget Fair Queueing) I/O scheduler. This issue occurs when the weighted sum of I/O requests is zero, leading to a calculation error in the scheduling limit. The vulnerability was discovered using the 'stress-ng' tool with I/O priority manipulation, which triggered the error in a controlled environment.
Exploitation of this vulnerability causes a division by zero error, leading to a kernel panic or crash.
The vulnerability can be reproduced by running the 'stress-ng' tool as the root user, with the I/O priority option set to zero. This combination triggers the division by zero error in the BFQ I/O scheduler.
Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed.
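Before scheduling the kernel upgrade, it helps to know which block devices on a host actually use BFQ. The following is an added example, not part of the original advisory: it assumes the standard sysfs layout `/sys/block/<dev>/queue/scheduler`, where the active scheduler is the bracketed entry, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list block devices whose active I/O scheduler is BFQ.
# Assumption: the active scheduler is the bracketed name in
# <sysfs>/block/<dev>/queue/scheduler, for instance this constructed line:
#   mq-deadline kyber [bfq] none

# active_scheduler FILE
# Prints the bracketed (active) scheduler name, or nothing if none is marked.
active_scheduler() {
    sed -n 's/.*\[\([^]]*\)].*/\1/p' "$1" 2>/dev/null
}

# bfq_devices [SYSFS_ROOT]
# Prints one device name per line for every device currently on BFQ.
# SYSFS_ROOT defaults to /sys; pass another directory to inspect a copy.
bfq_devices() {
    root="${1:-/sys}"
    for f in "$root"/block/*/queue/scheduler; do
        # Skip the unexpanded glob and unreadable entries.
        [ -r "$f" ] || continue
        if [ "$(active_scheduler "$f")" = "bfq" ]; then
            dev="${f%/queue/scheduler}"
            echo "${dev##*/}"
        fi
    done
}

# Report for the local host (or for the sysfs root given as first argument).
bfq_devices "${1:-/sys}"
```

An empty result means no device is currently scheduled by BFQ; a non-empty result only identifies where BFQ is in use, and whether the running kernel carries the fix still has to be checked against the vendor's patched version.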