CVE-2025-21898

Summary

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Avoid potential division by zero in function_stat_show()

Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case.

For now don't care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will likely happen earlier.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf0629ee3922f10112584b1898491fecc74d98b3b < 5b3d32f607f0478b414b16516cf27f9170cf66c8affected
LinuxLinuxe31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < ca381f60a3bb7cfaa618d73ca411610bd7fc3149affected
LinuxLinuxe31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < 3d738b53ed6cddb68e68c9874520a4bf846163b5affected
LinuxLinuxe31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < 992775227843c9376773784b8b362add44592ad7affected
LinuxLinuxe31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3affected
LinuxLinuxe31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < 746cc474a95473591853927b3a9792a2d671155baffected
LinuxLinuxe31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < 9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6affected
LinuxLinuxe31f7939c1c27faa5d0e3f14519eaf7c89e8a69d < a1a7eb89ca0b89dc1c326eeee2596f263291aca3affected
LinuxLinuxc59e74104cfd7df3ca0b5f59f1baee9c8c28b9efaffected
LinuxLinux015f0fd0fcc338513f80044add27fa46cf71d217affected
LinuxLinux1a2985af2a20b816a5cc41a2ddc1c4109ef6b9c6affected
LinuxLinux7650b4b1df091815bbbbb837d308dd4154684f8aaffected
LinuxLinux010a7e846d4beaf34384c40ff18d5de10106d9b4affected
LinuxLinux5.4.9 < 5.4.291affected
LinuxLinux3.16.83 < 3.17affected
LinuxLinux4.4.209 < 4.5affected
LinuxLinux4.9.209 < 4.10affected
LinuxLinux4.14.163 < 4.15affected
LinuxLinux4.19.94 < 4.20affected
LinuxLinux5.5affected
LinuxLinux0 < 5.5unaffected
LinuxLinux5.4.291 <= 5.4.*unaffected
LinuxLinux5.10.235 <= 5.10.*unaffected
LinuxLinux5.15.179 <= 5.15.*unaffected
LinuxLinux6.1.130 <= 6.1.*unaffected
LinuxLinux6.6.81 <= 6.6.*unaffected
LinuxLinux6.12.18 <= 6.12.*unaffected
LinuxLinux6.13.6 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References