Kernel Vulnerability in Micrel LAN8814 by Linux
CVE-2025-40239

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-40239?

A vulnerability exists in the Linux kernel's handling of the LAN8814 PTP probe, where the phydev pointer is not set unconditionally. This oversight can lead to a NULL pointer dereference during interrupt handling, specifically in the function lan8814_gpio_process_cap, resulting in a kernel crash. By ensuring that shared->phydev is always set, the risk of encountering a NULL pointer exception is mitigated, thus enhancing system stability.

Affected Version(s)

Linux b3f1a08fcf0dd58d99b14b9f8fbd1929f188b746

Linux b3f1a08fcf0dd58d99b14b9f8fbd1929f188b746 < 399d10934740ae8cdaa4e3245f7c5f6c332da844

References

https://git.kernel.org/stable/c/da1ef8e9eb5d4a12bec32d116...

https://git.kernel.org/stable/c/b093b06826b836c2824858669...

https://git.kernel.org/stable/c/399d10934740ae8cdaa4e3245...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON