CVE-2025-40175
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
idpf: cleanup remaining SKBs in PTP flows
When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get. It increases the reference counter for that SKB to prevent unexpected freeing by another component. However, there may be a case where the index is requested, SKB is assigned and never consumed by PTP flows - for example due to reset during running PTP apps.
Add a check in release timestamping function to verify if the SKB assigned to Tx timestamp latch was freed, and release remaining SKBs.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 4901e83a94ef0a8baf27916f31daf59b0a68547f < 2c84e91ef831d4fedb0b94670b3cfd1cc5f966a5 | affected |
| Linux | Linux | 4901e83a94ef0a8baf27916f31daf59b0a68547f < a3f8c0a273120fd2638f03403e786c3de2382e72 | affected |
| Linux | Linux | 6.16 | affected |
| Linux | Linux | 0 < 6.16 | unaffected |
| Linux | Linux | 6.17.5 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/2c84e91ef831d4fedb0b94670b3cfd1cc5f966a5
- https://git.kernel.org/stable/c/a3f8c0a273120fd2638f03403e786c3de2382e72
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.