Detections
Analytics

CVE-2025-40175

medium

Description

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get. It increases the reference counter for that SKB to prevent unexpected freeing by another component. However, there may be a case where the index is requested, SKB is assigned and never consumed by PTP flows - for example due to reset during running PTP apps. Add a check in release timestamping function to verify if the SKB assigned to Tx timestamp latch was freed, and release remaining SKBs.

References

https://git.kernel.org/stable/c/a3f8c0a273120fd2638f03403e786c3de2382e72

https://git.kernel.org/stable/c/2c84e91ef831d4fedb0b94670b3cfd1cc5f966a5

Details

Source: Mitre, NVD

Published: 2025-11-12

Updated: 2025-11-12

Risk Information

CVSS v2

Base Score: 3.8

Vector: CVSS2#AV:L/AC:H/Au:S/C:N/I:N/A:C

Severity: Low

CVSS v3

Base Score: 4.7

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018