Null Pointer Dereference Vulnerability in Linux Kernel Networking
CVE-2025-40255

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-40255?

A vulnerability within the Linux kernel's networking stack exposes systems to potential crashes due to a null pointer dereference in the generic_hwtstamp_ioctl_lower() function. This occurs when the ethtool tsconfig Netlink path inadvertently leads to a NULL dereference, particularly when kernel_cfg->ifr is null. The issue can be triggered by specific calls, resulting in unstable system behavior. A fix has been implemented by incorporating a NULL check, ensuring that any instance of kernel_cfg->ifr being NULL will now return -EINVAL, thus preventing a system crash.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch