CVE-2025-40175

12.11.2025, 11:15

In the Linux kernel, the following vulnerability has been resolved:

idpf: cleanup remaining SKBs in PTP flows

When the driver requests Tx timestamp value, one of the first steps is
to clone SKB using skb_get. It increases the reference counter for that
SKB to prevent unexpected freeing by another component.
However, there may be a case where the index is requested, SKB is
assigned and never consumed by PTP flows - for example due to reset during
running PTP apps.

Add a check in release timestamping function to verify if the SKB
assigned to Tx timestamp latch was freed, and release remaining SKBs.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

References

https://git.kernel.org/stable/c/2c84e91ef831d4fedb0b94670b3cfd1cc5f966a5

https://git.kernel.org/stable/c/a3f8c0a273120fd2638f03403e786c3de2382e72