CVE-2025-40175
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-40175
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40175.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-40175
- Downstream
- Published
- 2025-11-12T10:53:50Z
- Modified
- 2025-11-12T20:24:55.917549Z
- Summary
- idpf: cleanup remaining SKBs in PTP flows
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
idpf: cleanup remaining SKBs in PTP flows
When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get. It increases the reference counter for that SKB to prevent unexpected freeing by another component. However, there may be a case where the index is requested, SKB is assigned and never consumed by PTP flows - for example due to reset during running PTP apps.
Add a check in release timestamping function to verify if the SKB assigned to Tx timestamp latch was freed, and release remaining SKBs.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4901e83a94ef0a8baf27916f31daf59b0a68547fFixed2c84e91ef831d4fedb0b94670b3cfd1cc5f966a5
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4901e83a94ef0a8baf27916f31daf59b0a68547fFixeda3f8c0a273120fd2638f03403e786c3de2382e72
Affected versions
v6.*
v6.15
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2
v6.17.3
v6.17.4
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2c84e91ef831d4fedb0b94670b3cfd1cc5f966a5",
"digest": {
"length": 575.0,
"function_hash": "101239342799362016871817553574008091399"
},
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "idpf_ptp_get_tstamp_value",
"file": "drivers/net/ethernet/intel/idpf/idpf_virtchnl_ptp.c"
},
"id": "CVE-2025-40175-137a06d0"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2c84e91ef831d4fedb0b94670b3cfd1cc5f966a5",
"digest": {
"threshold": 0.9,
"line_hashes": [
"93418534039550814499679567273833398829",
"58884375489637594551488875831953615472",
"221541139151945940097226981967150990761",
"58184760919449151258391376310097400524"
]
},
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_virtchnl_ptp.c"
},
"id": "CVE-2025-40175-58025af5"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2c84e91ef831d4fedb0b94670b3cfd1cc5f966a5",
"digest": {
"threshold": 0.9,
"line_hashes": [
"16928124951789148047845801568349815502",
"249334113769030150255199860346627583405",
"161113829520961067874582436578339647874",
"328541448066967173444308568716225521747"
]
},
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_ptp.c"
},
"id": "CVE-2025-40175-9af37497"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3f8c0a273120fd2638f03403e786c3de2382e72",
"digest": {
"threshold": 0.9,
"line_hashes": [
"213072196718112877346739449648959390872",
"234555949170160344499435775177052163958",
"134128208263900355896491858548388806226",
"148274510414129283726969527059549290063"
]
},
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_ptp.c"
},
"id": "CVE-2025-40175-9d908e19"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3f8c0a273120fd2638f03403e786c3de2382e72",
"digest": {
"length": 794.0,
"function_hash": "73571470175182560540824645622155138948"
},
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "idpf_ptp_release_vport_tstamp",
"file": "drivers/net/ethernet/intel/idpf/idpf_ptp.c"
},
"id": "CVE-2025-40175-a27dcb92"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2c84e91ef831d4fedb0b94670b3cfd1cc5f966a5",
"digest": {
"length": 641.0,
"function_hash": "71316481854287770038178664395446181066"
},
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "idpf_ptp_release_vport_tstamp",
"file": "drivers/net/ethernet/intel/idpf/idpf_ptp.c"
},
"id": "CVE-2025-40175-c5c59bec"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3f8c0a273120fd2638f03403e786c3de2382e72",
"digest": {
"threshold": 0.9,
"line_hashes": [
"93418534039550814499679567273833398829",
"58884375489637594551488875831953615472",
"221541139151945940097226981967150990761",
"218877091455254226105360744326219413910"
]
},
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "drivers/net/ethernet/intel/idpf/idpf_virtchnl_ptp.c"
},
"id": "CVE-2025-40175-f684ac2f"
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3f8c0a273120fd2638f03403e786c3de2382e72",
"digest": {
"length": 728.0,
"function_hash": "235815551259671355067060341940052005191"
},
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "idpf_ptp_get_tstamp_value",
"file": "drivers/net/ethernet/intel/idpf/idpf_virtchnl_ptp.c"
},
"id": "CVE-2025-40175-fc0db9bd"
}
]