CVE-2025-40299
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-08

Last updated on: 2025-12-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: gve: Implement gettimex64 with -EOPNOTSUPP gve implemented a ptp_clock for sole use of do_aux_work at this time. ptp_clock_gettime() and ptp_sys_offset() assume every ptp_clock has implemented either gettimex64 or gettime64. Stub gettimex64 and return -EOPNOTSUPP to prevent NULL dereferencing.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-08
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-12-08
EPSS Evaluated
2026-06-14
NVD
CVE-2025-40299
EUVD
EUVD-2025-201645
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's gve driver, which implemented a ptp_clock used only by do_aux_work. The functions ptp_clock_gettime() and ptp_sys_offset() expect every ptp_clock to have implemented either gettimex64 or gettime64. However, the gettimex64 function was missing, leading to a potential NULL pointer dereference. The fix was to stub gettimex64 to return -EOPNOTSUPP, preventing this NULL dereference.

Impact Analysis

The vulnerability could cause a NULL pointer dereference in the Linux kernel when certain time-related functions are called on the gve ptp_clock, potentially leading to system instability or crashes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40299. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart