CVE-2025-40255

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-40255

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40255.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-40255

Downstream

BELL-CVE-2025-40255

DEBIAN-CVE-2025-40255

UBUNTU-CVE-2025-40255

USN-8094-1

USN-8094-2

Published

2025-12-04T16:08:17.023Z

Modified

2026-03-10T21:52:57.593304Z

Summary

net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower()

Details

In the Linux kernel, the following vulnerability has been resolved:

net: core: prevent NULL deref in generichwtstampioctl_lower()

The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as:

tsconfigpreparedata() -> devgethwtstampphylib() -> vlanhwtstampget() -> generichwtstampgetlower() -> generichwtstampioctl_lower()

results in generichwtstampioctllower() being called with kernelcfg->ifr as NULL.

The generichwtstampioctl_lower() function does not expect a NULL ifr and dereferences it, leading to a system crash.

Fix this by adding a NULL check for kernelcfg->ifr in generichwtstampioctllower(). If ifr is NULL, return -EINVAL.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40255.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

6e9e2eed4f39d52edf5fd006409d211facf49f6b

Fixed

8817f816ae41908e9625c0770c4af0dcdcc01238

Fixed

f796a8dec9beafcc0f6f0d3478ed685a15c5e062

Affected versions

v6.*

v6.13

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.16

v6.16-rc1

v6.16-rc2

v6.16-rc3

v6.16-rc4

v6.16-rc5

v6.16-rc6

v6.16-rc7

v6.17

v6.17-rc1

v6.17-rc2

v6.17-rc3

v6.17-rc4

v6.17-rc5

v6.17-rc6

v6.17-rc7

v6.17.1

v6.17.2

v6.17.3

v6.17.4

v6.17.5

v6.17.6

v6.17.7

v6.17.8

v6.17.9

v6.18-rc1

v6.18-rc2

v6.18-rc3

v6.18-rc4

v6.18-rc5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40255.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.14.0

Fixed

6.17.10

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40255.json"