CVE-2025-38125: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38125 is a vulnerability discovered in the Linux kernel affecting the network stack's stmmac driver. The vulnerability was disclosed on April 16, 2025, and involves a potential division by zero error in the EST (Enhancements for Scheduled Traffic) configuration when the ptp_rate value is zero (CVE Details).

The vulnerability occurs in the Linux kernel's network stack, specifically in the stmmac driver's EST configuration. When the ptp_rate value recorded earlier in the driver is 0, this invalid value propagates to the EST configuration, potentially triggering a division by zero error. The vulnerability has been assigned a CVSS v3 Base Score of 7.0, indicating a moderate to high severity (Red Hat Portal, Rapid7).

The vulnerability affects multiple Linux distributions and their kernel packages, particularly impacting newer versions of Ubuntu (22.04 LTS, 24.04 LTS, and 25.04) across various kernel flavors including the main kernel, AWS, Azure, and GCP-specific kernels. Older versions (20.04 LTS and earlier) are not affected (Ubuntu Security).

A fix has been implemented that adds a check to ensure ptp_rate is not zero before proceeding with EST configuration, along with appropriate error code handling (CVE Details).