Linux Kernel NULL Pointer Dereference Vulnerability in Ethtool Netlink Handling

Vulnerability

A vulnerability in the Linux kernel's handling of ethtool netlink commands can lead to a NULL pointer dereference, causing a crash. This issue arises when the ethnl_req_get_phydev() function is called without the necessary request attributes, particularly in the notification path following a PHY device operation. The vulnerability affects the PLCA command, as other PHY device-specific commands do not encounter this issue.

Impact

Exploitation of this vulnerability leads to a kernel crash due to a NULL pointer dereference.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in Ethtool Netlink Handling

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating