CVE-2025-21898

In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show() Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don't care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will likely happen earlier.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3d738b53ed6cddb68e68c9874520a4bf846163b5	Patch
https://git.kernel.org/stable/c/5b3d32f607f0478b414b16516cf27f9170cf66c8	Patch
https://git.kernel.org/stable/c/746cc474a95473591853927b3a9792a2d671155b	Patch
https://git.kernel.org/stable/c/992775227843c9376773784b8b362add44592ad7	Patch
https://git.kernel.org/stable/c/9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6	Patch
https://git.kernel.org/stable/c/a1a7eb89ca0b89dc1c326eeee2596f263291aca3	Patch
https://git.kernel.org/stable/c/ca381f60a3bb7cfaa618d73ca411610bd7fc3149	Patch
https://git.kernel.org/stable/c/f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc4::::::

History

15 Apr 2025, 16:24

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/3d738b53ed6cddb68e68c9874520a4bf846163b5 -~~	() https://git.kernel.org/stable/c/3d738b53ed6cddb68e68c9874520a4bf846163b5 - Patch
References	~~() https://git.kernel.org/stable/c/5b3d32f607f0478b414b16516cf27f9170cf66c8 -~~	() https://git.kernel.org/stable/c/5b3d32f607f0478b414b16516cf27f9170cf66c8 - Patch
References	~~() https://git.kernel.org/stable/c/746cc474a95473591853927b3a9792a2d671155b -~~	() https://git.kernel.org/stable/c/746cc474a95473591853927b3a9792a2d671155b - Patch
References	~~() https://git.kernel.org/stable/c/992775227843c9376773784b8b362add44592ad7 -~~	() https://git.kernel.org/stable/c/992775227843c9376773784b8b362add44592ad7 - Patch
References	~~() https://git.kernel.org/stable/c/9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6 -~~	() https://git.kernel.org/stable/c/9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6 - Patch
References	~~() https://git.kernel.org/stable/c/a1a7eb89ca0b89dc1c326eeee2596f263291aca3 -~~	() https://git.kernel.org/stable/c/a1a7eb89ca0b89dc1c326eeee2596f263291aca3 - Patch
References	~~() https://git.kernel.org/stable/c/ca381f60a3bb7cfaa618d73ca411610bd7fc3149 -~~	() https://git.kernel.org/stable/c/ca381f60a3bb7cfaa618d73ca411610bd7fc3149 - Patch
References	~~() https://git.kernel.org/stable/c/f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3 -~~	() https://git.kernel.org/stable/c/f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3 - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ftrace: Evitar la posible división por cero en function_stat_show(). Comprueba si la expresión del denominador x * (x - 1) * 1000 mod {2^32, 2^64} produce cero y omite el cálculo de la desviación estándar en ese caso. Por ahora, no se debe preocupar el desbordamiento de rec->counter * rec->counter, ya que es probable que el desbordamiento de rec->time * rec->time ocurra antes.
CPE		cpe:2.3:o:linux:linux_kernel:6.14:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc4:::::: cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-369

01 Apr 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-01 16:15

Updated : 2025-04-15 16:24

NVD link : CVE-2025-21898

Mitre link : CVE-2025-21898

CVE.ORG link : CVE-2025-21898

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-369

Divide By Zero

5.5 /10