{
  "threat_severity" : "Low",
  "public_date" : "2025-10-28T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ptp: Add a upper bound on max_vclocks",
    "id" : "2406752",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2406752"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nptp: Add a upper bound on max_vclocks\nsyzbot reported WARNING in max_vclocks_store.\nThis occurs when the argument max is too large for kcalloc to handle.\nExtend the guard to guard against values that are too large for\nkcalloc", "A flaw was found in the Linux kernel's PTP (Precision Time Protocol) subsystem. In max_vclocks_store(), when a user provides an excessively large value for the maximum number of virtual clocks, the subsequent kcalloc() call cannot handle the allocation request, triggering a kernel WARNING. A local user with access to the PTP sysfs interface could exploit this to cause a denial of service." ],
  "statement" : "This vulnerability requires local access and permissions to write to PTP sysfs attributes. The impact is limited to triggering a kernel warning and potential denial of service. Systems not using PTP virtual clocks are not affected.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-40057\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40057\nhttps://lore.kernel.org/linux-cve-announce/2025102815-CVE-2025-40057-2587@gregkh/T" ],
  "name" : "CVE-2025-40057",
  "csaw" : false
}