CVE-2025-39876

MEDIUM

Linux Kernel - NULL Pointer Dereference in fec_enet_phy_reset_after_clk_enable

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function of_phy_find_device may return NULL, so we need to take care before dereferencing phy_dev.

References (9)

Core 9

Core References

Third Party Advisory, Mailing List

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Patch

https://git.kernel.org/stable/c/8c60d12bba14dc655d2d948b1dbf390b3ae39cb8

Patch

https://git.kernel.org/stable/c/20a3433d31c2d2bf70ab0abec75f3136b42ae66c

Patch

https://git.kernel.org/stable/c/93a699d6e92cfdfa9eb9dbb8c653b5322542ca4f

Patch

https://git.kernel.org/stable/c/5f1bb554a131e59b28482abad21f691390651752

Patch

https://git.kernel.org/stable/c/fe78891f296ac05bf4e5295c9829ef822f3c32e7

Patch

https://git.kernel.org/stable/c/4fe53aaa4271a72fe5fe3e88a45ce01646b68dc5

Patch

https://git.kernel.org/stable/c/eb148d85e126c47d65be34f2a465d69432ca5541

Patch

https://git.kernel.org/stable/c/03e79de4608bdd48ad6eec272e196124cefaf798

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 9.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (35)

debian/debian_linux 11.0

linux/Kernel < 5.4.300linux

linux/Kernel 5.10.0 - 5.15.194linux

linux/Kernel 5.11.0 - 6.1.153linux

linux/Kernel 5.16.0 - 6.6.107linux

linux/Kernel 5.5.0 - 5.10.245linux

linux/Kernel 6.2.0 - 6.12.48linux

linux/Kernel 6.7.0 - 6.16.8linux

Linux/Linux < 5.10

Linux/Linux 4.19.153 - 4.20

... and 25 more

Published Sep 23, 2025

Tracked Since Feb 18, 2026