CVE-2025-40057

In the Linux kernel, the following vulnerability has been resolved:

ptp: Add a upper bound on max_vclocks

syzbot reported WARNING in max_vclocks_store.

This occurs when the argument max is too large for kcalloc to handle.

Extend the guard to guard against values that are too large for
kcalloc
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.244-1
fixed
bookworm
vulnerable
bookworm (security)
vulnerable
trixie
vulnerable
trixie (security)
vulnerable
forky
vulnerable
sid
vulnerable
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/35ce5f163889dbce88eda1df661b357a09bbed87
https://git.kernel.org/stable/c/8dd446056336faa2283d62cefc2f576536845edc
https://git.kernel.org/stable/c/e9f35294e18da82162004a2f35976e7031aaf7f9