CVE-2025-40239

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: phy: micrel: always set shared->phydev for LAN8814

Currently, during the LAN8814 PTP probe shared->phydev is only set if PTP clock gets actually set, otherwise the function will return before setting it.

This is an issue as shared->phydev is unconditionally being used when IRQ is being handled, especially in lan8814_gpio_process_cap and since it was not set it will cause a NULL pointer exception and crash the kernel.

So, simply always set shared->phydev to avoid the NULL pointer exception.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb3f1a08fcf0dd58d99b14b9f8fbd1929f188b746 < da1ef8e9eb5d4a12bec32d11636e521e7d529b9eaffected
LinuxLinuxb3f1a08fcf0dd58d99b14b9f8fbd1929f188b746 < b093b06826b836c2824858669db080c190c04715affected
LinuxLinuxb3f1a08fcf0dd58d99b14b9f8fbd1929f188b746 < 399d10934740ae8cdaa4e3245f7c5f6c332da844affected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.12.56 <= 6.12.*unaffected
LinuxLinux6.17.6 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References