CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-21814: ptp: Ensure info->enable callback is always set

Description

In the Linux kernel, the following vulnerability has been resolved:

ptp: Ensure info->enable callback is always set

The ioctl and sysfs handlers unconditionally call the ->enable callback.
Not all drivers implement that callback, leading to NULL dereferences.
Example of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c.

Instead use a dummy callback if no better was specified by the driver.

Classification

CVE ID: CVE-2025-21814

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.8% (scored less or equal to compared to others)

EPSS Date: 2025-03-28 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21814
https://git.kernel.org/stable/c/5d1041c76de656f9f8d5a192218039a9acf9bd00
https://git.kernel.org/stable/c/81846070cba17125a866e8023c01d3465b153339
https://git.kernel.org/stable/c/8441aea46445252df5d2eed6deb6d5246fc24002
https://git.kernel.org/stable/c/755caf4ee1c615ee5717862e427124370f46b1f3
https://git.kernel.org/stable/c/fd53aa40e65f518453115b6f56183b0c201db26b

Timeline

2025-02-27 21:40:18 UTC
CVE

ptp: Ensure info->enable callback is always set