Potential NULL Pointer Dereference in Linux Kernel's Ethernet Driver
CVE-2025-39876

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 23 September 2025

What is CVE-2025-39876?

A vulnerability in the Linux kernel's Ethernet driver can lead to a potential NULL pointer dereference due to the function of_phy_find_device returning NULL. This flaw could adversely affect system stability and performance if not properly handled. Developers are encouraged to verify pointers before dereferencing them to mitigate this risk.

Affected Version(s)

Linux 64a632da538a6827fad0ea461925cedb9899ebe2 < 5f1bb554a131e59b28482abad21f691390651752

Linux 64a632da538a6827fad0ea461925cedb9899ebe2

Linux 64a632da538a6827fad0ea461925cedb9899ebe2 < 4fe53aaa4271a72fe5fe3e88a45ce01646b68dc5

References

https://git.kernel.org/stable/c/5f1bb554a131e59b28482abad...

https://git.kernel.org/stable/c/fe78891f296ac05bf4e5295c9...

https://git.kernel.org/stable/c/4fe53aaa4271a72fe5fe3e88a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Apr 16, 2025

JSON