CVE-2025-68752

Root

Cause

The Intel Adaptive Virtual Function (iavf) driver for the Linux kernel did not implement the settime64() callback required by the PTP clock subsystem. The ptp_clock_settime() function assumes every PTP clock has this callback, and calling it without a valid pointer leads to a NULL pointer dereferencing a NULL function pointer, causing a kernel crash [1].

Exploitation

An attacker would need to be able to invoke the PTP clock settime operation on a system using the iavf driver. This typically requires local access and the ability to interact with the PTP character device or use the ptp_settime() system call. No special privileges beyond the ability to open the PTP device are needed, but the attack surface is limited to systems with Intel virtual function NICs [1].

Impact

A successful trigger results in a NULL pointer dereference in the kernel, leading to a denial of service (system crash or hang). There is no evidence of code execution or privilege escalation from this bug [1].

Mitigation

The fix, similar to commit 329d050bbe63 for the gve driver, implements settime64() to return -EOPNOTSUPP, preventing the NULL dereference. The patch has been applied to the Linux kernel stable tree [1]. Users should update to update to a kernel version containing this commit.