CVE-2025-40057
Description
In the Linux kernel, the following vulnerability has been resolved:
ptp: Add a upper bound on max_vclocks
syzbot reported WARNING in max_vclocks_store.
This occurs when the argument max is too large for kcalloc to handle.
Extend the guard to guard against values that are too large for kcalloc
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing upper bound in ptp max_vclocks_store can cause kernel WARNING on large max argument.
Vulnerability
The ptp driver in the Linux kernel did not enforce an upper bound on the max argument passed to max_vclocks_store. When a very large value is provided, kcalloc may fail due to excessive size, triggering a kernel WARNING [1][2].
Exploitation
An attacker with ability to write to the max_vclocks sysfs file can cause this by specifying an oversized integer. No special privileges beyond write access to the sysfs attribute are needed, though such access typically requires root or CAP_SYS_ADMIN.
Impact
Successful exploitation results in a kernel WARNING, which may indicate denial of service (system log spam, potential panic depending on configuration). No memory corruption or privilege escalation is reported.
Mitigation
The fix adds an explicit upper bound check, ensuring the value fits within the limits that kcalloc can safely allocate. Patches have been applied to the stable kernel trees referenced [1][2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
38dd44605633635ce5f163889e9f35294e18dVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3News mentions
0No linked articles in our index yet.