Null Pointer Vulnerability in Linux Kernel's FTGMAC100 Driver
CVE-2025-38726

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-38726?

A vulnerability exists in the FTGMAC100 driver of the Linux kernel, where a NULL pointer access could occur during the disconnection of a PHY device. Specifically, after the phy_disconnect() call, the network device's phydev is set to NULL, which could lead to invalid memory access and potential system instability. The vulnerability has been addressed by ensuring that the phy_device is cached before invoking the fixed_phy_unregister() function, effectively preventing such access issues.

Affected Version(s)

Linux e24a6c874601efb3de6e535895dd8e4f56fa98f1

Linux e24a6c874601efb3de6e535895dd8e4f56fa98f1 < 44bcd397ad9cd1a6b25fabb7f5edbee4fb0cfc2e

Linux e24a6c874601efb3de6e535895dd8e4f56fa98f1 < 9ad90dd34b4e8e5be1e45a4559f4de0f14e53af2

References

https://git.kernel.org/stable/c/ae59ec969c07c73f0610f8bd7...

https://git.kernel.org/stable/c/44bcd397ad9cd1a6b25fabb7f...

https://git.kernel.org/stable/c/9ad90dd34b4e8e5be1e45a455...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Apr 16, 2025