CVE-2025-21898

MEDIUM

Linux Kernel - Denial of Service via Division by Zero in ftrace function_stat_show()

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show() Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don't care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will likely happen earlier.

References (10)

Core 10
Core References

Scores

CVSS v3 5.5
EPSS 0.0017
EPSS Percentile 7.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-369
Status published
Products (31)
Linux/Linux < 5.5
Linux/Linux 010a7e846d4beaf34384c40ff18d5de10106d9b4
Linux/Linux 015f0fd0fcc338513f80044add27fa46cf71d217
Linux/Linux 1a2985af2a20b816a5cc41a2ddc1c4109ef6b9c6
Linux/Linux 3.16.83 - 3.17
Linux/Linux 4.14.163 - 4.15
Linux/Linux 4.19.94 - 4.20
Linux/Linux 4.4.209 - 4.5
Linux/Linux 4.9.209 - 4.10
Linux/Linux 5.10.235 - 5.10.*
... and 21 more
Published Apr 01, 2025
Tracked Since Feb 18, 2026