Primary

Context

Linux Kernel Net: Fec Null Pointer Dereference Vulnerability in PHY Device Reset Function

Vulnerability

Patched

A null pointer dereference vulnerability has been identified in the Linux kernel's net: fec subsystem. The issue arises in the function 'fec_enet_phy_reset_after_clk_enable()', where 'of_phy_find_device' may return NULL. This requires careful handling before dereferencing 'phy_dev'. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a null pointer dereference, causing a kernel crash.

Reproduction

The vulnerability can be reproduced by invoking the 'fec_enet_phy_reset_after_clk_enable()' function without a valid 'phy_dev' reference. This can occur if 'of_phy_find_device' returns NULL, which can happen in certain hardware configurations or device tree setups where the PHY node is not correctly defined or accessible.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Sep 23, 2025, 6:29 AM

Updated: Sep 23, 2025, 6:29 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

7.7

relevance

0.6

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

7.7

relevance

0.6

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Net: Fec Null Pointer Dereference Vulnerability in PHY Device Reset Function

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating