| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025070328-CVE-2025-38125-8a6b@gregkh> Date: Thu, 3 Jul 2025 10:35:42 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp_rate is not 0 before configuring EST If the ptp_rate recorded earlier in the driver happens to be 0, this bogus value will propagate up to EST configuration, where it will trigger a division by 0. Prevent this division by 0 by adding the corresponding check and error code. The Linux kernel CVE team has assigned CVE-2025-38125 to this issue. Affected and fixed versions =========================== Issue introduced in 5.6 with commit 8572aec3d0dc43045254fd1bf581fb980bfdbc4b and fixed in 6.12.34 with commit 451ee661d0f6272017fa012f99617101aa8ddf2c Issue introduced in 5.6 with commit 8572aec3d0dc43045254fd1bf581fb980bfdbc4b and fixed in 6.15.3 with commit d5e3bfdba0dc419499b801937128957f77503761 Issue introduced in 5.6 with commit 8572aec3d0dc43045254fd1bf581fb980bfdbc4b and fixed in 6.16-rc1 with commit cbefe2ffa7784525ec5d008ba87c7add19ec631a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38125 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/stmicro/stmmac/stmmac_est.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/451ee661d0f6272017fa012f99617101aa8ddf2c https://git.kernel.org/stable/c/d5e3bfdba0dc419499b801937128957f77503761 https://git.kernel.org/stable/c/cbefe2ffa7784525ec5d008ba87c7add19ec631a
Powered by blists - more mailing lists