VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 8, 2025· Updated Apr 15, 2026

CVE-2025-40298

CVE-2025-40298

Description

In the Linux kernel, the following vulnerability has been resolved:

gve: Implement settime64 with -EOPNOTSUPP

ptp_clock_settime() assumes every ptp_clock has implemented settime64(). Stub it with -EOPNOTSUPP to prevent a NULL dereference.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing settime64() implementation in the Linux kernel's gve driver could cause a NULL pointer dereference when ptp_clock_settime() is called.

Vulnerability

Overview

The Linux kernel's gve (Google Virtual Ethernet) driver did not implement the settime64() callback for its PTP clock. The ptp_clock_settime() function assumes every PTP clock has this callback implemented; calling it on the gve PTP clock would lead to a NULL pointer dereference, causing a kernel crash or potential denial of service [1].

Exploitation

Scenario

An attacker with the ability to invoke PTP clock operations on the gve device—typically requiring local access or privileged control over the network interface—could trigger the NULL dereference. No special authentication beyond the ability to interact with the PTP subsystem is needed; the bug is reachable through normal PTP syscalls or ioctls.

Impact

Successful exploitation results in a kernel panic (denial of service). There is no indication of memory corruption or privilege escalation from this bug; the primary risk is system instability or downtime.

Mitigation

The fix, committed to the Linux kernel stable tree, implements settime64() to return -EOPNOTSUPP, preventing the NULL pointer dereference. Users should apply the latest kernel updates from their distribution or vendor [1].

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Linux/Kernelinferred2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)

Patches

2
c9efb03ff4fa
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
329d050bbe63
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.