CVE-2025-40175
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get. It increases the reference counter for that SKB to prevent unexpected freeing by another component. However, there may be a case where the index is requested, SKB is assigned and never consumed by PTP flows - for example due to reset during running PTP apps. Add a check in release timestamping function to verify if the SKB assigned to Tx timestamp latch was freed, and release remaining SKBs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-12
Generated
2026-06-16
AI Q&A
2025-11-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40175
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's idpf driver where SKBs (socket buffers) used in PTP (Precision Time Protocol) flows are not properly released. When the driver requests a Tx timestamp, it clones an SKB to prevent it from being freed unexpectedly. However, in some cases, such as a reset during running PTP applications, the SKB is assigned but never consumed, leading to leftover SKBs that are not freed. The fix adds a check in the release timestamping function to verify if the SKB assigned to the Tx timestamp latch was freed and releases any remaining SKBs to prevent resource leaks.

Impact Analysis

This vulnerability can lead to resource leaks in the Linux kernel's networking stack, specifically in the handling of PTP timestamping. If SKBs are not properly released, it could cause increased memory usage and potentially degrade system performance or stability over time, especially in systems heavily using PTP for time synchronization.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40175. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart