cve/published/2025/CVE-2025-21898.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-7c5fe7eed585 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 ftrace: Avoid potential division by zero in function_stat_show()

 Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64}
 produce zero and skip stddev computation in that case.

 For now don't care about rec->counter * rec->counter overflow because
 rec->time * rec->time overflow will likely happen earlier.

 The Linux kernel CVE team has assigned CVE-2025-21898 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.4.9 with commit f0629ee3922f10112584b1898491fecc74d98b3b and fixed in 5.4.291 with commit 5b3d32f607f0478b414b16516cf27f9170cf66c8
 	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 5.10.235 with commit ca381f60a3bb7cfaa618d73ca411610bd7fc3149
 	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 5.15.179 with commit 3d738b53ed6cddb68e68c9874520a4bf846163b5
 	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.1.130 with commit 992775227843c9376773784b8b362add44592ad7
 	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.6.81 with commit f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3
 	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.12.18 with commit 746cc474a95473591853927b3a9792a2d671155b
 	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.13.6 with commit 9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6
 	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.14 with commit a1a7eb89ca0b89dc1c326eeee2596f263291aca3
 	Issue introduced in 3.16.83 with commit c59e74104cfd7df3ca0b5f59f1baee9c8c28b9ef
 	Issue introduced in 4.4.209 with commit 015f0fd0fcc338513f80044add27fa46cf71d217
 	Issue introduced in 4.9.209 with commit 1a2985af2a20b816a5cc41a2ddc1c4109ef6b9c6
 	Issue introduced in 4.14.163 with commit 7650b4b1df091815bbbbb837d308dd4154684f8a
 	Issue introduced in 4.19.94 with commit 010a7e846d4beaf34384c40ff18d5de10106d9b4

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-21898
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	kernel/trace/ftrace.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/5b3d32f607f0478b414b16516cf27f9170cf66c8
 	https://git.kernel.org/stable/c/ca381f60a3bb7cfaa618d73ca411610bd7fc3149
 	https://git.kernel.org/stable/c/3d738b53ed6cddb68e68c9874520a4bf846163b5
 	https://git.kernel.org/stable/c/992775227843c9376773784b8b362add44592ad7
 	https://git.kernel.org/stable/c/f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3
 	https://git.kernel.org/stable/c/746cc474a95473591853927b3a9792a2d671155b
 	https://git.kernel.org/stable/c/9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6
 	https://git.kernel.org/stable/c/a1a7eb89ca0b89dc1c326eeee2596f263291aca3
	From bippy-7c5fe7eed585 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	ftrace: Avoid potential division by zero in function_stat_show()

	Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64}
	produce zero and skip stddev computation in that case.

	For now don't care about rec->counter * rec->counter overflow because
	rec->time * rec->time overflow will likely happen earlier.

	The Linux kernel CVE team has assigned CVE-2025-21898 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.4.9 with commit f0629ee3922f10112584b1898491fecc74d98b3b and fixed in 5.4.291 with commit 5b3d32f607f0478b414b16516cf27f9170cf66c8
	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 5.10.235 with commit ca381f60a3bb7cfaa618d73ca411610bd7fc3149
	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 5.15.179 with commit 3d738b53ed6cddb68e68c9874520a4bf846163b5
	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.1.130 with commit 992775227843c9376773784b8b362add44592ad7
	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.6.81 with commit f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3
	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.12.18 with commit 746cc474a95473591853927b3a9792a2d671155b
	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.13.6 with commit 9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6
	Issue introduced in 5.5 with commit e31f7939c1c27faa5d0e3f14519eaf7c89e8a69d and fixed in 6.14 with commit a1a7eb89ca0b89dc1c326eeee2596f263291aca3
	Issue introduced in 3.16.83 with commit c59e74104cfd7df3ca0b5f59f1baee9c8c28b9ef
	Issue introduced in 4.4.209 with commit 015f0fd0fcc338513f80044add27fa46cf71d217
	Issue introduced in 4.9.209 with commit 1a2985af2a20b816a5cc41a2ddc1c4109ef6b9c6
	Issue introduced in 4.14.163 with commit 7650b4b1df091815bbbbb837d308dd4154684f8a
	Issue introduced in 4.19.94 with commit 010a7e846d4beaf34384c40ff18d5de10106d9b4

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-21898
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	kernel/trace/ftrace.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/5b3d32f607f0478b414b16516cf27f9170cf66c8
	https://git.kernel.org/stable/c/ca381f60a3bb7cfaa618d73ca411610bd7fc3149
	https://git.kernel.org/stable/c/3d738b53ed6cddb68e68c9874520a4bf846163b5
	https://git.kernel.org/stable/c/992775227843c9376773784b8b362add44592ad7
	https://git.kernel.org/stable/c/f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3
	https://git.kernel.org/stable/c/746cc474a95473591853927b3a9792a2d671155b
	https://git.kernel.org/stable/c/9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6
	https://git.kernel.org/stable/c/a1a7eb89ca0b89dc1c326eeee2596f263291aca3