CVE-2025-21898

ftrace: Avoid potential division by zero in function_stat_show()

Description

In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show() Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don't care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will likely happen earlier.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/5b3d32f607f0478b414b16516cf27f9170cf66c8 patch
https://git.kernel.org/stable/c/ca381f60a3bb7cfaa618d73ca411610bd7fc3149 patch
https://git.kernel.org/stable/c/3d738b53ed6cddb68e68c9874520a4bf846163b5 patch
https://git.kernel.org/stable/c/992775227843c9376773784b8b362add44592ad7 patch
https://git.kernel.org/stable/c/f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3 patch
https://git.kernel.org/stable/c/746cc474a95473591853927b3a9792a2d671155b patch
https://git.kernel.org/stable/c/9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6 patch
https://git.kernel.org/stable/c/a1a7eb89ca0b89dc1c326eeee2596f263291aca3 patch

Frequently Asked Questions

What is the severity of CVE-2025-21898?
CVE-2025-21898 has been scored as a medium severity vulnerability.
How to fix CVE-2025-21898?
To fix CVE-2025-21898, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21898 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21898 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21898?
CVE-2025-21898 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.