CVE-2025-21814

ptp: Ensure info->enable callback is always set

Description

In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c. Instead use a dummy callback if no better was specified by the driver.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/fdc1e72487781dd7705bcbe30878bee7d5d1f3e8
https://git.kernel.org/stable/c/9df3a9284f39bfd51a9f72a6a165c79e2aa5066b
https://git.kernel.org/stable/c/1334c64a5d1de6666e0c9f984db6745083df1eb4
https://git.kernel.org/stable/c/5d1041c76de656f9f8d5a192218039a9acf9bd00 patch
https://git.kernel.org/stable/c/81846070cba17125a866e8023c01d3465b153339 patch
https://git.kernel.org/stable/c/8441aea46445252df5d2eed6deb6d5246fc24002 patch
https://git.kernel.org/stable/c/755caf4ee1c615ee5717862e427124370f46b1f3 patch
https://git.kernel.org/stable/c/fd53aa40e65f518453115b6f56183b0c201db26b patch

Frequently Asked Questions

What is the severity of CVE-2025-21814?
CVE-2025-21814 has been scored as a medium severity vulnerability.
How to fix CVE-2025-21814?
To fix CVE-2025-21814, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21814 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21814 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21814?
CVE-2025-21814 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.