You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 40057
About this tag
CVE-2025-40057 is a Linux kernel vulnerability in the PTP (Precision Time Protocol) subsystem, addressed by bounding the max_vclocks parameter to prevent unsafe kcalloc allocations. The fix ensures user-controlled values cannot trigger overflow or excessively large memory requests. This tag covers discussion of the CVE, its discovery via syzbot fuzzing, and the kernel patch that adds an upper bound to max_vclocks. While the vulnerability is in the Linux kernel, it is relevant to Windows users running virtualized or WSL environments that rely on PTP for time synchronization. The tag provides information on the technical details of the bug and the mitigation applied.
The Linux kernel received a targeted fix for CVE-2025-40057 — a resource‑allocation/validation bug in the PTP (Precision Time Protocol) subsystem that adds an upper bound to the user‑controlled max_vclocks parameter so that kernel allocations performed with kcalloc cannot be overflowed or...