| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025111253-CVE-2025-40127-361e@gregkh> Date: Wed, 12 Nov 2025 19:24:03 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40127: hwrng: ks-sa - fix division by zero in ks_sa_rng_init From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in ks_sa_rng_init Fix division by zero in ks_sa_rng_init caused by missing clock pointer initialization. The clk_get_rate() call is performed on an uninitialized clk pointer, resulting in division by zero when calculating delay values. Add clock initialization code before using the clock. drivers/char/hw_random/ks-sa-rng.c | 7 +++++++ 1 file changed, 7 insertions(+) The Linux kernel CVE team has assigned CVE-2025-40127 to this issue. Affected and fixed versions =========================== Issue introduced in 5.5 with commit 6d01d8511dceb9cd40f72eb102b7d24f0b2e997b and fixed in 5.10.246 with commit 692a04a1e0cde1d80a33df0078c755cf02cd7268 Issue introduced in 5.5 with commit 6d01d8511dceb9cd40f72eb102b7d24f0b2e997b and fixed in 5.15.195 with commit d76b099011fa056950f63d05ebb6160991242f6a Issue introduced in 5.5 with commit 6d01d8511dceb9cd40f72eb102b7d24f0b2e997b and fixed in 6.1.156 with commit eec7e0e19c1fa75dc65e25aa6a21ef24a03849af Issue introduced in 5.5 with commit 6d01d8511dceb9cd40f72eb102b7d24f0b2e997b and fixed in 6.6.112 with commit f4238064379a91e71a9c258996acac43c50c2094 Issue introduced in 5.5 with commit 6d01d8511dceb9cd40f72eb102b7d24f0b2e997b and fixed in 6.12.53 with commit 2b6bcce32cb5aff84588a844a4d3f6dd5353b8e2 Issue introduced in 5.5 with commit 6d01d8511dceb9cd40f72eb102b7d24f0b2e997b and fixed in 6.17.3 with commit 55a70e1de75e5ff5f961c79a2cdc6a4468cc2bf2 Issue introduced in 5.5 with commit 6d01d8511dceb9cd40f72eb102b7d24f0b2e997b and fixed in 6.18-rc1 with commit 612b1dfeb414dfa780a6316014ceddf9a74ff5c0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40127 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/char/hw_random/ks-sa-rng.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/692a04a1e0cde1d80a33df0078c755cf02cd7268 https://git.kernel.org/stable/c/d76b099011fa056950f63d05ebb6160991242f6a https://git.kernel.org/stable/c/eec7e0e19c1fa75dc65e25aa6a21ef24a03849af https://git.kernel.org/stable/c/f4238064379a91e71a9c258996acac43c50c2094 https://git.kernel.org/stable/c/2b6bcce32cb5aff84588a844a4d3f6dd5353b8e2 https://git.kernel.org/stable/c/55a70e1de75e5ff5f961c79a2cdc6a4468cc2bf2 https://git.kernel.org/stable/c/612b1dfeb414dfa780a6316014ceddf9a74ff5c0
Powered by blists - more mailing lists