Linux Kernel Null Pointer Dereference Vulnerability in altr_tse_pcs Driver

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's altr_tse_pcs driver, specifically when using a fixed-link configuration. The issue arises because the driver does not receive a phy_device, leading to a crash when the tse_pcs_fix_mac_speed function is called. The vulnerability has been addressed by adding a check for the phy_dev before invoking the tse_pcs_fix_mac_speed function. Additionally, the tse_pcs_fix_mac_speed function has been cleaned up to remove unnecessary checks for splitter_base and sgmii_adapter_base, as the driver would fail if these variables are not properly set in the device tree.

Impact

Exploitation of this vulnerability leads to a kernel crash due to a null pointer dereference.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Null Pointer Dereference Vulnerability in altr_tse_pcs Driver

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating