{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-40255","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.181Z","datePublished":"2025-12-04T16:08:17.023Z","dateUpdated":"2026-05-11T21:45:47.848Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:45:47.848Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: core: prevent NULL deref in generic_hwtstamp_ioctl_lower()\n\nThe ethtool tsconfig Netlink path can trigger a null pointer\ndereference. A call chain such as:\n\n  tsconfig_prepare_data() ->\n  dev_get_hwtstamp_phylib() ->\n  vlan_hwtstamp_get() ->\n  generic_hwtstamp_get_lower() ->\n  generic_hwtstamp_ioctl_lower()\n\nresults in generic_hwtstamp_ioctl_lower() being called with\nkernel_cfg->ifr as NULL.\n\nThe generic_hwtstamp_ioctl_lower() function does not expect\na NULL ifr and dereferences it, leading to a system crash.\n\nFix this by adding a NULL check for kernel_cfg->ifr in\ngeneric_hwtstamp_ioctl_lower(). If ifr is NULL, return -EINVAL."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/core/dev_ioctl.c"],"versions":[{"version":"6e9e2eed4f39d52edf5fd006409d211facf49f6b","lessThan":"8817f816ae41908e9625c0770c4af0dcdcc01238","status":"affected","versionType":"git"},{"version":"6e9e2eed4f39d52edf5fd006409d211facf49f6b","lessThan":"f796a8dec9beafcc0f6f0d3478ed685a15c5e062","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/core/dev_ioctl.c"],"versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","status":"unaffected","versionType":"semver"},{"version":"6.17.10","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.17.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8817f816ae41908e9625c0770c4af0dcdcc01238"},{"url":"https://git.kernel.org/stable/c/f796a8dec9beafcc0f6f0d3478ed685a15c5e062"}],"title":"net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower()","x_generator":{"engine":"bippy-1.2.0"}}}}