Linux Kernel Vulnerability in PTP Clock Functionality
CVE-2025-40298

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-40298?

A flaw in the Linux kernel's PTP clock functionality has been identified where the ptp_clock_settime() function inadequately assumes that all PTP clocks have implemented the settime64() method. This oversight can lead to a NULL dereference, potentially causing system instability or crashes. The kernel has addressed this by stubbing the function with the error code -EOPNOTSUPP to enhance stability and security. System administrators and developers are encouraged to update to the latest kernel version to mitigate this vulnerability.

Affected Version(s)

Linux acd16380523b400400523fe54c7499320e558e80

Linux acd16380523b400400523fe54c7499320e558e80 < 329d050bbe63c2999f657cf2d3855be11a473745

Linux 6.17

References

https://git.kernel.org/stable/c/c9efb03ff4fae0bc7e5ef3323...

https://git.kernel.org/stable/c/329d050bbe63c2999f657cf2d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Apr 16, 2025

JSON