CVE-2025-39876NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference27 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 93.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 23
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function of_phy_find_device may return NULL, so we need to take care before dereferencing phy_dev.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel4.19.1534.20+9
Debianlinux/linux_kernel< 5.10.247-1+3
CVEListV5linux/linux9e70485b40c8306298adea8bdc867ca27f88955a8c60d12bba14dc655d2d948b1dbf390b3ae39cb8+11

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
OSV
CVE-2025-39876: In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function o2025-09-23
GHSA
GHSA-88fr-f63h-6pq4: In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function2025-09-23
CVEList
net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()2025-09-23

📋Vendor Advisories

23
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
CVE-2025-39876 — NULL Pointer Dereference in Linux | cvebase