Message-ID: <2025070329-CVE-2025-38126-3c9b@gregkh>
Date: Thu, 3 Jul 2025 10:35:43 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping

The stmmac platform drivers that do not open-code the clk_ptp_rate value
after having retrieved the default one from the device-tree can end up
with 0 in clk_ptp_rate (as clk_get_rate can return 0). It will
eventually propagate up to PTP initialization when bringing up the
interface, leading to a divide by 0:

Division by zero in kernel.
CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.30-00001-g48313bd5768a #22
Hardware name: STM32 (Device Tree Support)
Call trace:
unwind_backtrace from show_stack+0x18/0x1c
show_stack from dump_stack_lvl+0x6c/0x8c
dump_stack_lvl from Ldiv0_64+0x8/0x18
Ldiv0_64 from stmmac_init_tstamp_counter+0x190/0x1a4
stmmac_init_tstamp_counter from stmmac_hw_setup+0xc1c/0x111c
stmmac_hw_setup from __stmmac_open+0x18c/0x434
__stmmac_open from stmmac_open+0x3c/0xbc
stmmac_open from __dev_open+0xf4/0x1ac
__dev_open from __dev_change_flags+0x1cc/0x224
__dev_change_flags from dev_change_flags+0x24/0x60
dev_change_flags from ip_auto_config+0x2e8/0x11a0
ip_auto_config from do_one_initcall+0x84/0x33c
do_one_initcall from kernel_init_freeable+0x1b8/0x214
kernel_init_freeable from kernel_init+0x24/0x140
kernel_init from ret_from_fork+0x14/0x28
Exception stack(0xe0815fb0 to 0xe0815ff8)

Prevent this division by 0 by adding an explicit check and error log
about the actual issue. While at it, remove the same check from
stmmac_ptp_register, which then becomes duplicate.

The Linux kernel CVE team has assigned CVE-2025-38126 to this issue.

Affected and fixed versions
===========================
Issue introduced in 4.5 with commit 19d857c9038e5c07db8f8cc02b5ad0cd0098714f and fixed in 6.1.142 with commit 32af9c289234990752281c805500dfe03c5b2b8f
Issue introduced in 4.5 with commit 19d857c9038e5c07db8f8cc02b5ad0cd0098714f and fixed in 6.6.94 with commit b263088ee8ab14563817a8be3519af8e25225793
Issue introduced in 4.5 with commit 19d857c9038e5c07db8f8cc02b5ad0cd0098714f and fixed in 6.12.34 with commit bb033c6781ce1b0264c3993b767b4aa9021959c2
Issue introduced in 4.5 with commit 19d857c9038e5c07db8f8cc02b5ad0cd0098714f and fixed in 6.15.3 with commit 379cd990dfe752b38fcf46034698a9a150626c7a
Issue introduced in 4.5 with commit 19d857c9038e5c07db8f8cc02b5ad0cd0098714f and fixed in 6.16-rc1 with commit 030ce919e114a111e83b7976ecb3597cefd33f26
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-38126
will be updated if fixes are backported; please check it for the most
up-to-date information about this issue.
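
A triage check built only from the version list above, as an added example that is not part of the advisory or of the kernel project's tooling: it classifies a `uname -r` string against the introduced and fixed releases. It assumes upstream mainline/stable version numbering (distribution kernels may carry the fix under an older base version), and the function and status names are hypothetical.

```python
import re

# Values taken from the "Affected and fixed versions" list in this advisory.
INTRODUCED = (4, 5)
FIXED_IN_BRANCH = {(6, 1): 142, (6, 6): 94, (6, 12): 34, (6, 15): 3}
FIXED_MAINLINE = (6, 16)  # fixed in 6.16-rc1, so 6.16 and later carry the fix


def parse_release(release):
    """Split a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def cve_2025_38126_status(release):
    """Return 'not-affected', 'fixed', 'vulnerable' or 'vulnerable-no-listed-fix'."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < INTRODUCED:
        return "not-affected"      # predates the introducing commit (4.5)
    if branch >= FIXED_MAINLINE:
        return "fixed"             # mainline fix landed in 6.16-rc1
    if branch in FIXED_IN_BRANCH:
        return "fixed" if patch >= FIXED_IN_BRANCH[branch] else "vulnerable"
    # Branch from 4.5 up to 6.16 for which the advisory lists no fixed release.
    return "vulnerable-no-listed-fix"


if __name__ == "__main__":
    # Constructed sample inputs; the first is the release shown in the trace above.
    for rel in ("6.12.30-00001-g48313bd5768a", "6.12.34", "5.15.180", "4.4.302"):
        print(rel, "->", cve_2025_38126_status(rel))
```

A "vulnerable" result only matters on systems that actually use the stmmac driver, and the official CVE record should be rechecked because the list of fixed branches can grow.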
Affected files
==============
The file(s) affected by this issue are:
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/32af9c289234990752281c805500dfe03c5b2b8f
https://git.kernel.org/stable/c/b263088ee8ab14563817a8be3519af8e25225793
https://git.kernel.org/stable/c/bb033c6781ce1b0264c3993b767b4aa9021959c2
https://git.kernel.org/stable/c/379cd990dfe752b38fcf46034698a9a150626c7a
https://git.kernel.org/stable/c/030ce919e114a111e83b7976ecb3597cefd33f26