Linux Kernel Broadcom BCM4908 Ethernet Driver NULL Dereference Vulnerability

Vulnerability

A vulnerability in the Broadcom BCM4908 Ethernet driver of the Linux kernel has been addressed. The driver did not update its transmission statistics after the actual data transmission, which could lead to a race condition and a NULL pointer dereference: the function 'bcm4908_enet_start_xmit()' might attempt to access a socket buffer after it has been freed in 'bcm4908_enet_poll_tx()'. This vulnerability affects the Linux kernel in the stable group.
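The ordering problem described above, as a simplified user-space model in C. This is an added example, not the driver's code or the upstream patch. The struct and function names, the `freed` flag and the 1500-byte packet are constructed for illustration, and the completion path is called inline to simulate it winning the race.

```c
#include <stddef.h>
/* Constructed stand-in for a socket buffer; "freed" marks release without free(). */
struct pkt { size_t len; int freed; };
struct slot { struct pkt *pkt; size_t len; };
struct nic {
    struct slot slot;
    unsigned long tx_packets, tx_bytes;
    int stale_reads;          /* times the xmit path touched a released packet */
    int stats_in_completion;  /* 0 = old ordering, 1 = corrected ordering */
};

/* Completion path (models the TX poll): hardware is done with the packet. */
static void poll_tx(struct nic *n)
{
    struct slot *s = &n->slot;
    if (!s->pkt)
        return;
    if (n->stats_in_completion) {   /* count only what was really sent, */
        n->tx_packets++;            /* using the length saved in the slot */
        n->tx_bytes += s->len;
    }
    s->pkt->freed = 1;              /* release the buffer */
    s->pkt->len = 0;                /* poison, as an allocator might */
    s->pkt = NULL;
}

/* Transmit path (models start_xmit); completes_early simulates the race. */
static void start_xmit(struct nic *n, struct pkt *p, int completes_early)
{
    n->slot.pkt = p;
    n->slot.len = p->len;           /* saved while the packet is still owned here */
    if (completes_early)            /* descriptor published: completion may run now */
        poll_tx(n);
    if (!n->stats_in_completion) {  /* old ordering: touches p after hand-off */
        if (p->freed)
            n->stale_reads++;
        n->tx_packets++;
        n->tx_bytes += p->len;      /* reads the poisoned length if already released */
    }
}

/* Runs one 1500-byte packet through the model and returns the final state. */
struct nic run_once(int stats_in_completion, int completes_early)
{
    struct pkt p = { 1500, 0 };
    struct nic n = { {0, 0}, 0, 0, 0, stats_in_completion };
    start_xmit(&n, &p, completes_early);
    poll_tx(&n);                    /* normal completion if not already done */
    return n;
}
```

With the old ordering and an early completion, `run_once(0, 1)` records one stale read and a wrong byte count; `run_once(1, 1)` records neither because the transmit path never touches the packet after hand-off.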

Impact

Exploitation of this vulnerability could lead to a NULL pointer dereference, causing a crash or undefined behavior in the system.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Dec 30, 2025, 4:49 PM
Updated: Dec 30, 2025, 4:49 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 1.7
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.