CVE-2025-40255NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference18 documents6 sources
Severity
7.2HIGHOSV
No vector
EPSS
0.0%
top 89.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 4
Latest updateApr 6

Description

In the Linux kernel, the following vulnerability has been resolved: net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as: tsconfig_prepare_data() -> dev_get_hwtstamp_phylib() -> vlan_hwtstamp_get() -> generic_hwtstamp_get_lower() -> generic_hwtstamp_ioctl_lower() results in generic_hwtstamp_ioctl_lower() being called with kernel_cfg->ifr as NULL. The generic_hwtstamp_ioctl_lower() funct

Affected Packages5 packages

Linuxlinux/linux_kernel6.14.06.17.10
Debianlinux/linux_kernel< 6.17.10-1
Ubuntulinux/linux_kernel< 6.17.0-19.19
CVEListV5linux/linux6e9e2eed4f39d52edf5fd006409d211facf49f6b8817f816ae41908e9625c0770c4af0dcdcc01238+2
debiandebian/linux< linux 6.17.10-1 (forky)

🔴Vulnerability Details

9
OSV
linux-oem-6.17 vulnerabilities2026-04-06
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-azure, linux-azure-6.17 vulnerabilities2026-03-25
OSV
linux-realtime-6.17 vulnerabilities2026-03-23
OSV
linux-gcp-6.17, linux-realtime vulnerabilities2026-03-17

📋Vendor Advisories

8
Ubuntu
Linux kernel (OEM) vulnerabilities2026-04-06
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-03-23
Ubuntu
Linux kernel vulnerabilities2026-03-17