Linux Kernel Vulnerability in PTP Clock Implementation by Vendor
CVE-2025-40299

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-40299?

A vulnerability exists in the Linux kernel related to the implementation of ptp_clock, specifically affecting the functions gettimex64 and gettime64. This flaw could lead to potential NULL dereferencing when these functions are assumed to be implemented by every ptp_clock. The recent resolution introduced a stub for gettimex64 that returns -EOPNOTSUPP, helping to mitigate this issue and prevent application crashes. The fix emphasizes the need for robust validation in low-level system functionalities.

Affected Version(s)

Linux acd16380523b400400523fe54c7499320e558e80 < 96ec90412ceb58c73fd3714e40ab2cee1eedac3b

Linux acd16380523b400400523fe54c7499320e558e80 < 6ab753b5d8e521616cd9bd10b09891cbeb7e0235

Linux 6.17

References

https://git.kernel.org/stable/c/96ec90412ceb58c73fd3714e4...

https://git.kernel.org/stable/c/6ab753b5d8e521616cd9bd10b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Apr 16, 2025

JSON