Linux Kernel LAN8814 NULL Pointer Dereference Vulnerability in Micrel PHY Driver

Vulnerability

A vulnerability in the Linux kernel's Micrel PHY driver for the LAN8814 Ethernet controller can lead to a NULL pointer dereference, causing a kernel crash. The issue arises because the shared->phydev variable is set only under certain conditions during the PTP probe process. If those conditions are not met, the variable remains unset but is still used when handling interrupts. Dereferencing the unset pointer crashes the kernel.

Impact

Exploitation of this vulnerability causes a kernel crash due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by using a LAN8814 Ethernet controller with the Micrel PHY driver in the Linux kernel. During the PTP probe process, if the PTP clock is not set, the shared->phydev variable will not be initialized. However, the driver will still attempt to use this variable when processing interrupts, leading to a NULL pointer dereference and a kernel crash.
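
The pattern described above, modelled in user-space C as an added example (not the kernel driver's code and not the upstream fix). All struct and function names are hypothetical; the model contrasts the conditional assignment with an unconditional one and adds a guard on the interrupt path.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model. All names are hypothetical, not kernel identifiers. */
struct phy_dev { int irq_count; };
struct shared_state { struct phy_dev *phydev; bool ptp_ready; };

/* Flawed probe: the back-pointer is assigned only on the PTP path. */
static void probe_conditional(struct shared_state *s, struct phy_dev *p, bool ptp)
{
    if (!ptp)
        return;             /* early exit leaves s->phydev == NULL */
    s->ptp_ready = true;
    s->phydev = p;
}

/* Safer probe: assign the back-pointer regardless of the PTP state. */
static void probe_unconditional(struct shared_state *s, struct phy_dev *p, bool ptp)
{
    s->phydev = p;
    s->ptp_ready = ptp;
}

/* Guarded interrupt path: -1 if no device is attached, 0 if handled.
 * Without the NULL check, the increment would fault after the flawed probe. */
static int handle_irq(struct shared_state *s)
{
    if (s->phydev == NULL)
        return -1;
    s->phydev->irq_count++;
    return 0;
}

/* Run one probe variant, deliver one interrupt, return the handler result. */
int irq_after_probe(bool unconditional, bool ptp)
{
    struct phy_dev dev = { 0 };
    struct shared_state s = { NULL, false };
    (unconditional ? probe_unconditional : probe_conditional)(&s, &dev, ptp);
    return handle_irq(&s);
}

int main(void)
{
    printf("no PTP: conditional=%d unconditional=%d\n",
           irq_after_probe(false, false), irq_after_probe(true, false));
    return 0;
}
```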

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Dec 4, 2025, 4:54 PM
Updated: Dec 4, 2025, 5:53 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.