CVE-2025-40299

Linux Kernel - Denial of Service via gve ptp_clock gettimex64 NULL Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: gve: Implement gettimex64 with -EOPNOTSUPP gve implemented a ptp_clock for sole use of do_aux_work at this time. ptp_clock_gettime() and ptp_sys_offset() assume every ptp_clock has implemented either gettimex64 or gettime64. Stub gettimex64 and return -EOPNOTSUPP to prevent NULL dereferencing.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/96ec90412ceb58c73fd3714e40ab2cee1eedac3b

Patch

https://git.kernel.org/stable/c/6ab753b5d8e521616cd9bd10b09891cbeb7e0235

Scores

EPSS 0.0003

EPSS Percentile 8.0%

Details

Status published

Products (7)

linux/Kernel 6.17.0 - 6.17.8linux

Linux/Linux < 6.17

Linux/Linux 6.17

Linux/Linux 6.17.8 - 6.17.*

Linux/Linux 6.18

Linux/Linux acd16380523b400400523fe54c7499320e558e80 - 6ab753b5d8e521616cd9bd10b09891cbeb7e0235

Linux/Linux acd16380523b400400523fe54c7499320e558e80 - 96ec90412ceb58c73fd3714e40ab2cee1eedac3b

Published Dec 08, 2025

Tracked Since Feb 18, 2026