Linux Kernel ftrace Division by Zero Vulnerability in function_stat_show

Vulnerability

A vulnerability in the Linux kernel's ftrace component could lead to a division by zero error in the function_stat_show() routine. This issue arises when the denominator, calculated as x * (x - 1) * 1000 modulo {2^32, 2^64}, equals zero, causing the standard deviation computation to be skipped. The vulnerability does not currently account for potential overflows in the 'counter' field of the 'rec' structure, as an overflow in the 'time' field is expected to occur first.

Impact

Exploitation of this vulnerability could lead to a denial of service condition by causing a division by zero error, which typically results in a crash or unintended behavior of the affected component.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ftrace Division by Zero Vulnerability in function_stat_show

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating