CVE-2025-40255

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower()<br /> <br /> The ethtool tsconfig Netlink path can trigger a null pointer<br /> dereference. A call chain such as:<br /> <br /> tsconfig_prepare_data() -&gt;<br /> dev_get_hwtstamp_phylib() -&gt;<br /> vlan_hwtstamp_get() -&gt;<br /> generic_hwtstamp_get_lower() -&gt;<br /> generic_hwtstamp_ioctl_lower()<br /> <br /> results in generic_hwtstamp_ioctl_lower() being called with<br /> kernel_cfg-&gt;ifr as NULL.<br /> <br /> The generic_hwtstamp_ioctl_lower() function does not expect<br /> a NULL ifr and dereferences it, leading to a system crash.<br /> <br /> Fix this by adding a NULL check for kernel_cfg-&gt;ifr in<br /> generic_hwtstamp_ioctl_lower(). If ifr is NULL, return -EINVAL.