Division by Zero Vulnerability in STMicroelectronics STM32 Drivers
CVE-2025-38126

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-38126?

A vulnerability in the STMicroelectronics STM32 Linux kernel drivers occurs when the ptp_rate value is incorrectly set to 0. This arises from the failure to correctly retrieve the clk_ptp_rate value after querying from the device-tree. As a result, during PTP initialization, this zero value can trigger a division by zero error in the kernel, potentially leading to system instability. Implementing a check before configuring timestamping can prevent this issue and improve overall system robustness. Additional logs can help in diagnosing similar problems.

Affected Version(s)

Linux 19d857c9038e5c07db8f8cc02b5ad0cd0098714f < 32af9c289234990752281c805500dfe03c5b2b8f

Linux 19d857c9038e5c07db8f8cc02b5ad0cd0098714f

References

https://git.kernel.org/stable/c/32af9c289234990752281c805...

https://git.kernel.org/stable/c/b263088ee8ab14563817a8be3...

https://git.kernel.org/stable/c/bb033c6781ce1b0264c3993b7...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 16, 2025