CVE-2025-40299
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-08

Last updated on: 2025-12-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: gve: Implement gettimex64 with -EOPNOTSUPP gve implemented a ptp_clock for sole use of do_aux_work at this time. ptp_clock_gettime() and ptp_sys_offset() assume every ptp_clock has implemented either gettimex64 or gettime64. Stub gettimex64 and return -EOPNOTSUPP to prevent NULL dereferencing.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-08
Last Modified
2025-12-08
Generated
2026-05-06
AI Q&A
2025-12-08
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40299
EUVD
EUVD-2025-201645
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's gve driver, which implemented a ptp_clock used only by do_aux_work. The functions ptp_clock_gettime() and ptp_sys_offset() expect every ptp_clock to have implemented either gettimex64 or gettime64. However, the gettimex64 function was missing, leading to a potential NULL pointer dereference. The fix was to stub gettimex64 to return -EOPNOTSUPP, preventing this NULL dereference.


How can this vulnerability impact me? :

The vulnerability could cause a NULL pointer dereference in the Linux kernel when certain time-related functions are called on the gve ptp_clock, potentially leading to system instability or crashes.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart