CVE-2025-40299
Description
In the Linux kernel, the following vulnerability has been resolved:
gve: Implement gettimex64 with -EOPNOTSUPP
gve implemented a ptp_clock for sole use of do_aux_work at this time. ptp_clock_gettime() and ptp_sys_offset() assume every ptp_clock has implemented either gettimex64 or gettime64. Stub gettimex64 and return -EOPNOTSUPP to prevent NULL dereferencing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's GVE driver, a missing gettimex64 implementation for the PTP clock caused a NULL pointer dereference; fixed by stubbing the function to return -EOPNOTSUPP.
Vulnerability
The GVE (Google Virtual Ethernet) driver in the Linux kernel registered a PTP clock device solely for the purpose of do_aux_work, but did not implement the gettimex64 or gettime64 callbacks. Functions such as ptp_clock_gettime() and ptp_sys_offset() assume that every PTP clock provides at least one of these time‑retrieval methods. Without a stub, a NULL pointer is dereferenced when the kernel attempts to call the missing function [1].
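The callback dispatch described above can be modeled in userspace C. This is an added example, not code from the kernel or the gve driver: the `model_*` names, `has_time_getter()` and the `-EFAULT` guard are hypothetical stand-ins, and the dispatch order (`gettimex64` first, then `gettime64`) is an assumption about how the callers choose a callback.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only; every name here is a hypothetical stand-in. */
struct model_ts { long long sec; long nsec; };

struct model_ptp_info {
    int (*gettimex64)(struct model_ptp_info *info, struct model_ts *ts, void *sts);
    int (*gettime64)(struct model_ptp_info *info, struct model_ts *ts);
    long (*do_aux_work)(struct model_ptp_info *info); /* the only callback gve needed */
};

/* The fix as the description states it: a stub that reports "unsupported". */
static int stub_gettimex64(struct model_ptp_info *info, struct model_ts *ts, void *sts)
{
    (void)info; (void)ts; (void)sts;
    return -EOPNOTSUPP;
}

/* Audit helper: does this clock satisfy the callers' assumption? */
static int has_time_getter(const struct model_ptp_info *info)
{
    return info->gettimex64 != NULL || info->gettime64 != NULL;
}

/* Models a caller that assumes one getter exists. Per the description the
 * kernel callers make no such check; the model returns -EFAULT at the point
 * where the kernel would call through a NULL pointer, so it does not crash. */
static int model_clock_gettime(struct model_ptp_info *info, struct model_ts *ts)
{
    if (info->gettimex64)
        return info->gettimex64(info, ts, NULL);
    if (!info->gettime64)
        return -EFAULT; /* NULL call site in the unfixed configuration */
    return info->gettime64(info, ts);
}

int main(void)
{
    struct model_ptp_info before = {0};                           /* no getters */
    struct model_ptp_info after = { .gettimex64 = stub_gettimex64 }; /* stubbed */
    struct model_ts ts = {0, 0};

    printf("before: getter=%d rc=%d\n", has_time_getter(&before),
           model_clock_gettime(&before, &ts));
    printf("after:  getter=%d rc=%d\n", has_time_getter(&after),
           model_clock_gettime(&after, &ts));
    return 0;
}
```

With the stub in place the caller receives an ordinary error code instead of reaching the NULL call site.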
Exploitation
An attacker could trigger the vulnerability by invoking any operation that queries the PTP time from the GVE device. This requires local access to the system and the ability to interact with the PTP subsystem (typically requiring root privileges or appropriate permissions). No special network position is needed because the bug resides in the kernel driver stack [1].
Impact
A successful trigger results in a NULL pointer dereference, causing a kernel panic (denial of service). There is no indication of memory corruption or privilege escalation beyond the crash [1].
Mitigation
The fix has been merged into the Linux kernel stable tree as commit 6ab753b5d8e52. Users should update to a kernel version that includes this commit. No workarounds are documented; the only safe resolution is to apply the patch [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Patches
96ec90412ceb
6ab753b5d8e5
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References