Primary

Context

Linux Kernel HIP08 Devices NULL Pointer Dereference Vulnerability in PTP Timestamping

Vulnerability

A vulnerability in the Linux kernel's handling of Precision Time Protocol (PTP) messages has been identified in HIP08 devices. These devices do not register PTP functionality, resulting in a NULL pointer reference when PTP messages are transmitted. The issue arises because the transmission process attempts to apply hardware timestamping, leading to a kernel crash. The vulnerability can be reproduced by sending PTP messages over UDP, which triggers the NULL pointer dereference and subsequent crash.

Impact

Exploitation of this vulnerability causes a kernel crash due to a NULL pointer dereference.

Reproduction

The vulnerability can be reproduced by sending PTP messages on a HIP08 device that does not have PTP support registered. This can be done by transmitting PTP over UDP, which will initiate the transmission process that incorrectly handles the missing PTP device registration, leading to a crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel HIP08 Devices NULL Pointer Dereference Vulnerability in PTP Timestamping

Vulnerability

Impact

Reproduction

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating