| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025040132-CVE-2025-21898-22dd@gregkh>
Date: Tue, 1 Apr 2025 16:25:34 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show()
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Avoid potential division by zero in function_stat_show()
Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64}
produce zero and skip stddev computation in that case.
For now don't care about rec->counter * rec->counter overflow because
rec->time * rec->time overflow will likely happen earlier.
The Linux kernel CVE team has assigned CVE-2025-21898 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.4.9 with commit f0629ee3922f10112584b1898491fecc74d98b3b and fixed in 5.4.291 with commit 5b3d32f607f0478b414b16516cf27f9170cf66c8
Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 5.10.235 with commit ca381f60a3bb7cfaa618d73ca411610bd7fc3149
Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 5.15.179 with commit 3d738b53ed6cddb68e68c9874520a4bf846163b5
Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.1.130 with commit 992775227843c9376773784b8b362add44592ad7
Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.6.81 with commit f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3
Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.12.18 with commit 746cc474a95473591853927b3a9792a2d671155b
Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.13.6 with commit 9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6
Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.14 with commit a1a7eb89ca0b89dc1c326eeee2596f263291aca3
Issue introduced in 3.16.83 with commit c59e74104cfd7df3ca0b5f59f1baee9c8c28b9ef
Issue introduced in 4.4.209 with commit 015f0fd0fcc338513f80044add27fa46cf71d217
Issue introduced in 4.9.209 with commit 1a2985af2a20b816a5cc41a2ddc1c4109ef6b9c6
Issue introduced in 4.14.163 with commit 7650b4b1df091815bbbbb837d308dd4154684f8a
Issue introduced in 4.19.94 with commit 010a7e846d4beaf34384c40ff18d5de10106d9b4
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-21898
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
kernel/trace/ftrace.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/5b3d32f607f0478b414b16516cf27f9170cf66c8
https://git.kernel.org/stable/c/ca381f60a3bb7cfaa618d73ca411610bd7fc3149
https://git.kernel.org/stable/c/3d738b53ed6cddb68e68c9874520a4bf846163b5
https://git.kernel.org/stable/c/992775227843c9376773784b8b362add44592ad7
https://git.kernel.org/stable/c/f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3
https://git.kernel.org/stable/c/746cc474a95473591853927b3a9792a2d671155b
https://git.kernel.org/stable/c/9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6
https://git.kernel.org/stable/c/a1a7eb89ca0b89dc1c326eeee2596f263291aca3
Powered by blists - more mailing lists