| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025070329-CVE-2025-38126-3c9b@gregkh> Date: Thu, 3 Jul 2025 10:35:43 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping The stmmac platform drivers that do not open-code the clk_ptp_rate value after having retrieved the default one from the device-tree can end up with 0 in clk_ptp_rate (as clk_get_rate can return 0). It will eventually propagate up to PTP initialization when bringing up the interface, leading to a divide by 0: Division by zero in kernel. CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.30-00001-g48313bd5768a #22 Hardware name: STM32 (Device Tree Support) Call trace: unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x6c/0x8c dump_stack_lvl from Ldiv0_64+0x8/0x18 Ldiv0_64 from stmmac_init_tstamp_counter+0x190/0x1a4 stmmac_init_tstamp_counter from stmmac_hw_setup+0xc1c/0x111c stmmac_hw_setup from __stmmac_open+0x18c/0x434 __stmmac_open from stmmac_open+0x3c/0xbc stmmac_open from __dev_open+0xf4/0x1ac __dev_open from __dev_change_flags+0x1cc/0x224 __dev_change_flags from dev_change_flags+0x24/0x60 dev_change_flags from ip_auto_config+0x2e8/0x11a0 ip_auto_config from do_one_initcall+0x84/0x33c do_one_initcall from kernel_init_freeable+0x1b8/0x214 kernel_init_freeable from kernel_init+0x24/0x140 kernel_init from ret_from_fork+0x14/0x28 Exception stack(0xe0815fb0 to 0xe0815ff8) Prevent this division by 0 by adding an explicit check and error log about the actual issue. While at it, remove the same check from stmmac_ptp_register, which then becomes duplicate The Linux kernel CVE team has assigned CVE-2025-38126 to this issue. Affected and fixed versions =========================== Issue introduced in 4.5 with commit 19d857c9038e5c07db8f8cc02b5ad0cd0098714f and fixed in 6.1.142 with commit 32af9c289234990752281c805500dfe03c5b2b8f Issue introduced in 4.5 with commit 19d857c9038e5c07db8f8cc02b5ad0cd0098714f and fixed in 6.6.94 with commit b263088ee8ab14563817a8be3519af8e25225793 Issue introduced in 4.5 with commit 19d857c9038e5c07db8f8cc02b5ad0cd0098714f and fixed in 6.12.34 with commit bb033c6781ce1b0264c3993b767b4aa9021959c2 Issue introduced in 4.5 with commit 19d857c9038e5c07db8f8cc02b5ad0cd0098714f and fixed in 6.15.3 with commit 379cd990dfe752b38fcf46034698a9a150626c7a Issue introduced in 4.5 with commit 19d857c9038e5c07db8f8cc02b5ad0cd0098714f and fixed in 6.16-rc1 with commit 030ce919e114a111e83b7976ecb3597cefd33f26 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38126 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/stmicro/stmmac/stmmac_main.c drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/32af9c289234990752281c805500dfe03c5b2b8f https://git.kernel.org/stable/c/b263088ee8ab14563817a8be3519af8e25225793 https://git.kernel.org/stable/c/bb033c6781ce1b0264c3993b767b4aa9021959c2 https://git.kernel.org/stable/c/379cd990dfe752b38fcf46034698a9a150626c7a https://git.kernel.org/stable/c/030ce919e114a111e83b7976ecb3597cefd33f26
Powered by blists - more mailing lists