CVE-2025-40239Linux vulnerability

15 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 90.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 4
Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: always set shared->phydev for LAN8814 Currently, during the LAN8814 PTP probe shared->phydev is only set if PTP clock gets actually set, otherwise the function will return before setting it. This is an issue as shared->phydev is unconditionally being used when IRQ is being handled, especially in lan8814_gpio_process_cap and since it was not set it will cause a NULL pointer exception and crash the kernel. So

Affected Packages5 packages

Linuxlinux/linux_kernel6.10.06.12.56+1
Debianlinux/linux_kernel< 6.12.57-1+1
Ubuntulinux/linux_kernel< 6.17.0-14.14
CVEListV5linux/linuxb3f1a08fcf0dd58d99b14b9f8fbd1929f188b746da1ef8e9eb5d4a12bec32d11636e521e7d529b9e+3
debiandebian/linux< linux 6.17.6-1 (forky)

🔴Vulnerability Details

8
OSV
linux-azure vulnerabilities2026-02-24
OSV
linux-oem-6.17 vulnerabilities2026-02-17
OSV
linux-aws, linux-oracle vulnerabilities2026-02-17
OSV
linux-gcp vulnerabilities2026-02-12
OSV
linux, linux-raspi, linux-realtime vulnerabilities2026-02-12

📋Vendor Advisories

6
Ubuntu
Linux kernel (Azure) vulnerabilities2026-02-24
Ubuntu
Linux kernel (OEM) vulnerabilities2026-02-17
Ubuntu
Linux kernel (GCP) vulnerabilities2026-02-12
Ubuntu
Linux kernel vulnerabilities2026-02-12
Red Hat
kernel: net: phy: micrel: always set shared->phydev for LAN88142025-12-04