CVE-2025-40175

Linux Kernel 6.16-6.17.4 - Use-After-Free in PTP Flows

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get. It increases the reference counter for that SKB to prevent unexpected freeing by another component. However, there may be a case where the index is requested, SKB is assigned and never consumed by PTP flows - for example due to reset during running PTP apps. Add a check in release timestamping function to verify if the SKB assigned to Tx timestamp latch was freed, and release remaining SKBs.

Scores

EPSS 0.0017
EPSS Percentile 6.4%

Details

Status published
Products (7)
linux/Kernel 6.16.0 - 6.17.5linux
Linux/Linux < 6.16
Linux/Linux 4901e83a94ef0a8baf27916f31daf59b0a68547f - 2c84e91ef831d4fedb0b94670b3cfd1cc5f966a5
Linux/Linux 4901e83a94ef0a8baf27916f31daf59b0a68547f - a3f8c0a273120fd2638f03403e786c3de2382e72
Linux/Linux 6.16
Linux/Linux 6.17.5 - 6.17.*
Linux/Linux 6.18
Published Nov 12, 2025
Tracked Since Feb 18, 2026