Linux Kernel DP83825/DP83826 PHY Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's handling of certain PHY devices, specifically the DP83825 and DP83826 models. The issue arises because the probe function initializes the private data pointer only for the DP83822 PHY, leaving it uninitialized for the smaller DP83825 and DP83826 models. Although the private data structure is used only in DP83822-specific callbacks, the interrupt configuration is shared across all models. This oversight leads to a NULL pointer dereference on the smaller PHYs, as the interrupt handler accesses the private data without proper validation. The vulnerability has been addressed by adding a pointer verification to prevent the unchecked access.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash or denial-of-service condition on the affected system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel DP83825/DP83826 PHY Null Pointer Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating