CVE-2025-21898
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Avoid potential division by zero in function_stat_show()
Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case.
For now don't care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will likely happen earlier.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | f0629ee3922f10112584b1898491fecc74d98b3b < 5b3d32f607f0478b414b16516cf27f9170cf66c8 | affected |
| Linux | Linux | e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < ca381f60a3bb7cfaa618d73ca411610bd7fc3149 | affected |
| Linux | Linux | e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < 3d738b53ed6cddb68e68c9874520a4bf846163b5 | affected |
| Linux | Linux | e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < 992775227843c9376773784b8b362add44592ad7 | affected |
| Linux | Linux | e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3 | affected |
| Linux | Linux | e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < 746cc474a95473591853927b3a9792a2d671155b | affected |
| Linux | Linux | e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < 9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6 | affected |
| Linux | Linux | e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < a1a7eb89ca0b89dc1c326eeee2596f263291aca3 | affected |
| Linux | Linux | c59e74104cfd7df3ca0b5f59f1baee9c8c28b9ef | affected |
| Linux | Linux | 015f0fd0fcc338513f80044add27fa46cf71d217 | affected |
| Linux | Linux | 1a2985af2a20b816a5cc41a2ddc1c4109ef6b9c6 | affected |
| Linux | Linux | 7650b4b1df091815bbbbb837d308dd4154684f8a | affected |
| Linux | Linux | 010a7e846d4beaf34384c40ff18d5de10106d9b4 | affected |
| Linux | Linux | 5.4.9 < 5.4.291 | affected |
| Linux | Linux | 3.16.83 < 3.17 | affected |
| Linux | Linux | 4.4.209 < 4.5 | affected |
| Linux | Linux | 4.9.209 < 4.10 | affected |
| Linux | Linux | 4.14.163 < 4.15 | affected |
| Linux | Linux | 4.19.94 < 4.20 | affected |
| Linux | Linux | 5.5 | affected |
| Linux | Linux | 0 < 5.5 | unaffected |
| Linux | Linux | 5.4.291 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.235 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.179 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.130 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.81 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.18 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.6 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
References
- https://git.kernel.org/stable/c/5b3d32f607f0478b414b16516cf27f9170cf66c8
- https://git.kernel.org/stable/c/ca381f60a3bb7cfaa618d73ca411610bd7fc3149
- https://git.kernel.org/stable/c/3d738b53ed6cddb68e68c9874520a4bf846163b5
- https://git.kernel.org/stable/c/992775227843c9376773784b8b362add44592ad7
- https://git.kernel.org/stable/c/f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3
- https://git.kernel.org/stable/c/746cc474a95473591853927b3a9792a2d671155b
- https://git.kernel.org/stable/c/9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6
- https://git.kernel.org/stable/c/a1a7eb89ca0b89dc1c326eeee2596f263291aca3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.