VYPR
Unrated severity · NVD Advisory · Published Dec 4, 2025 · Updated Apr 15, 2026

CVE-2025-40255

Description

In the Linux kernel, the following vulnerability has been resolved:

net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower()

The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as:

tsconfig_prepare_data() -> dev_get_hwtstamp_phylib() -> vlan_hwtstamp_get() -> generic_hwtstamp_get_lower() -> generic_hwtstamp_ioctl_lower()

results in generic_hwtstamp_ioctl_lower() being called with kernel_cfg->ifr as NULL.

The generic_hwtstamp_ioctl_lower() function does not expect a NULL ifr and dereferences it, leading to a system crash.

Fix this by adding a NULL check for kernel_cfg->ifr in generic_hwtstamp_ioctl_lower(). If ifr is NULL, return -EINVAL.
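The pattern described above, as an added user-space C model (not kernel source and not the upstream patch): two callers share one helper, only the ioctl-style caller supplies an ifreq, and the helper returns -EINVAL when the pointer is NULL. All `model_*` names, the struct layouts and the `eth0` sample name are assumptions made for illustration.

```c
/* User-space model (constructed) of the bug pattern; model_* names and
 * struct layouts are hypothetical simplifications, not kernel source. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
struct model_ifreq { char ifr_name[16]; void *ifr_data; };

/* ifr is set on the ioctl path and left NULL on the Netlink tsconfig path. */
struct model_hwtstamp_config { int tx_type, rx_filter; struct model_ifreq *ifr; };

/* Stand-in for handing the rebuilt request to the lower device. */
static int model_lower_ioctl(const struct model_ifreq *ifr)
{
    return ifr->ifr_data ? 0 : -EFAULT;
}

/* Shared helper in its patched shape: validate ifr before using it. */
int model_hwtstamp_ioctl_lower(const char *lower, struct model_hwtstamp_config *cfg)
{
    struct model_ifreq ifrr;
    if (!cfg->ifr)          /* the check the fix adds */
        return -EINVAL;
    memset(&ifrr, 0, sizeof(ifrr));
    strncpy(ifrr.ifr_name, lower, sizeof(ifrr.ifr_name) - 1);
    ifrr.ifr_data = cfg->ifr->ifr_data; /* faults on NULL ifr without the check */
    return model_lower_ioctl(&ifrr);
}

/* ioctl-style caller: the request arrives with an ifreq attached. */
int model_ioctl_path(const char *lower, void *user_buf)
{
    struct model_ifreq ifr = { .ifr_data = user_buf };
    struct model_hwtstamp_config cfg = { .ifr = &ifr };
    return model_hwtstamp_ioctl_lower(lower, &cfg);
}

/* Netlink-style caller: there is no ifreq, so cfg.ifr stays NULL. */
int model_netlink_path(const char *lower)
{
    struct model_hwtstamp_config cfg = { 0 };
    return model_hwtstamp_ioctl_lower(lower, &cfg);
}

int main(void)
{
    char buf[8];
    printf("ioctl=%d netlink=%d\n", model_ioctl_path("eth0", buf), model_netlink_path("eth0"));
    return 0;
}
```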

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel, generic_hwtstamp_ioctl_lower() can be called with a NULL pointer via the ethtool tsconfig path, causing a system crash; the fix adds a NULL check.

Vulnerability

Description

CVE-2025-40255 is a NULL pointer dereference vulnerability in the Linux kernel's generic_hwtstamp_ioctl_lower() function. The function is called during the ethtool timestamp configuration (tsconfig) via the Netlink interface. When the call chain passes through vlan_hwtstamp_get() and generic_hwtstamp_get_lower(), the kernel_cfg->ifr pointer is left as NULL. The function then dereferences this pointer without validation, leading to a system crash.

Exploitation

Prerequisites

An attacker must have the ability to send crafted Netlink messages to the kernel to trigger the ethtool tsconfig path. No authentication is mentioned, but typically such operations require root or appropriate capabilities. The attack can be performed locally, and no special network position is needed beyond access to the Netlink socket.

Impact

Successful exploitation results in a denial of service (system crash). There is no indication of memory corruption or privilege escalation from the description.

Mitigation

The fix is included in the Linux kernel stable commit referenced in [1]. Users should update to a kernel version containing this commit. No workaround is provided.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.