CVE-2025-40175

Nov. 12, 2025, 4:19 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get. It increases the reference counter for that SKB to prevent unexpected freeing by another component. However, there may be a case where the index is requested, SKB is assigned and never consumed by PTP flows - for example due to reset during running PTP apps. Add a check in release timestamping function to verify if the SKB assigned to Tx timestamp latch was freed, and release remaining SKBs.

Product(s) Impacted

Product Versions
linux_kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/2c84e91ef831d4fedb0b94670b3cfd1cc5f966a5
https://git.kernel.org/stable/c/a3f8c0a273120fd2638f03403e786c3de2382e72

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-11-12
CVE-2025-40175

Timeline

Published: Nov. 12, 2025, 11:15 a.m.
Last Modified: Nov. 12, 2025, 4:19 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.