Linux Kernel MDIO Bus Initialization Vulnerability Leading to Kernel Panic

Vulnerability

A vulnerability in the Linux kernel's MDIO (Management Data Input/Output) subsystem has been addressed. The issue arose because the function 'mdio_bus_init' was incorrectly marked for export and initialization. This combination is problematic, as the initialization section of the code is cleared after use, leaving modules unable to access these symbols. Attempting to use a symbol from a freed section can cause a kernel panic. The problem was detected in 'linux-next' builds after the 'modpost' tool was fixed to issue warnings about this type of error, which had gone unaddressed for a decade.

Impact

Accessing a freed symbol from the initialization section can lead to a kernel panic, causing a system crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel MDIO Bus Initialization Vulnerability Leading to Kernel Panic

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating