CVE-2025-38726

MEDIUM

Linux Kernel 6.12-6.12.42, 6.13-6.15.10, 6.16-6.16.1 - NULL Pointer Dereference in ftgmac100_phy_disconnect

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect After the call to phy_disconnect() netdev->phydev is reset to NULL. So fixed_phy_unregister() would be called with a NULL pointer as argument. Therefore cache the phy_device before this call.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/ae59ec969c07c73f0610f8bd7e648f01e798d222

Patch

https://git.kernel.org/stable/c/44bcd397ad9cd1a6b25fabb7f5edbee4fb0cfc2e

Patch

https://git.kernel.org/stable/c/9ad90dd34b4e8e5be1e45a4559f4de0f14e53af2

Patch

https://git.kernel.org/stable/c/e88fbc30dda1cb7438515303704ceddb3ade4ecd

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 3.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (14)

linux/Kernel 6.12.0 - 6.12.43linux

linux/Kernel 6.13.0 - 6.15.11linux

linux/Kernel 6.16.0 - 6.16.2linux

Linux/Linux < 6.12

Linux/Linux 6.12

Linux/Linux 6.12.43 - 6.12.*

Linux/Linux 6.15.11 - 6.15.*

Linux/Linux 6.16.2 - 6.16.*

Linux/Linux 6.17

Linux/Linux e24a6c874601efb3de6e535895dd8e4f56fa98f1 - 44bcd397ad9cd1a6b25fabb7f5edbee4fb0cfc2e

... and 4 more

Published Sep 04, 2025

Tracked Since Feb 18, 2026