CVE-2025-40175
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-12
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Linux kernel's idpf driver where SKBs (socket buffers) used in PTP (Precision Time Protocol) flows are not properly released. When the driver requests a Tx timestamp, it clones an SKB to prevent it from being freed unexpectedly. However, in some cases, such as a reset during running PTP applications, the SKB is assigned but never consumed, leading to leftover SKBs that are not freed. The fix adds a check in the release timestamping function to verify if the SKB assigned to the Tx timestamp latch was freed and releases any remaining SKBs to prevent resource leaks.
How can this vulnerability impact me? :
This vulnerability can lead to resource leaks in the Linux kernel's networking stack, specifically in the handling of PTP timestamping. If SKBs are not properly released, it could cause increased memory usage and potentially degrade system performance or stability over time, especially in systems heavily using PTP for time synchronization.