CVE-2025-40255
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-12-04

Last updated on: 2025-12-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as: tsconfig_prepare_data() -> dev_get_hwtstamp_phylib() -> vlan_hwtstamp_get() -> generic_hwtstamp_get_lower() -> generic_hwtstamp_ioctl_lower() results in generic_hwtstamp_ioctl_lower() being called with kernel_cfg->ifr as NULL. The generic_hwtstamp_ioctl_lower() function does not expect a NULL ifr and dereferences it, leading to a system crash. Fix this by adding a NULL check for kernel_cfg->ifr in generic_hwtstamp_ioctl_lower(). If ifr is NULL, return -EINVAL.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-04
Last Modified
2025-12-04
Generated
2026-06-16
AI Q&A
2025-12-04
EPSS Evaluated
2026-06-14
NVD
CVE-2025-40255
EUVD
EUVD-2025-201202
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference in the Linux kernel's generic_hwtstamp_ioctl_lower() function. Specifically, the function is called with a NULL ifr pointer, which it does not expect, leading to a system crash. The issue arises in the ethtool tsconfig Netlink path through a call chain that eventually results in dereferencing a NULL pointer. The fix involves adding a NULL check for the ifr pointer and returning an error if it is NULL.

Impact Analysis

This vulnerability can cause a system crash due to a NULL pointer dereference in the Linux kernel. Such a crash can lead to denial of service, making the affected system unstable or unavailable until it is rebooted or recovered.

Mitigation Strategies

Apply the patch or update to a Linux kernel version that includes the fix for this vulnerability, which adds a NULL check for kernel_cfg->ifr in generic_hwtstamp_ioctl_lower() to prevent the null pointer dereference and system crash.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40255. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart