CVE-2025-39876

MEDIUM

Linux Kernel - Info Disclosure

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function of_phy_find_device may return NULL, so we need to take care before dereferencing phy_dev.

References (9)

Scores

CVSS v3 5.5
EPSS 0.0003
EPSS Percentile 6.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-476
Status published

Affected Products (14)

linux/linux_kernel < 4.20
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
debian/debian_linux
linux/Kernel < 5.4.300linux
linux/Kernel < 5.10.245linux
linux/Kernel < 5.15.194linux
linux/Kernel < 6.1.153linux
linux/Kernel < 6.6.107linux
linux/Kernel < 6.12.48linux
linux/Kernel < 6.16.8linux

Timeline

Published Sep 23, 2025
Tracked Since Feb 18, 2026