CVE-2025-40239
- Source
- https://cve.org/CVERecord?id=CVE-2025-40239
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40239.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-40239
- Downstream
- Related
- Published
- 2025-12-04T15:31:28.941Z
- Modified
- 2026-03-20T12:43:14.126652Z
- Summary
- net: phy: micrel: always set shared->phydev for LAN8814
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: phy: micrel: always set shared->phydev for LAN8814
Currently, during the LAN8814 PTP probe shared->phydev is only set if PTP clock gets actually set, otherwise the function will return before setting it.
This is an issue as shared->phydev is unconditionally being used when IRQ is being handled, especially in lan8814gpioprocess_cap and since it was not set it will cause a NULL pointer exception and crash the kernel.
So, simply always set shared->phydev to avoid the NULL pointer exception.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40239.json" }- References
-
- https://git.kernel.org/stable/c/399d10934740ae8cdaa4e3245f7c5f6c332da844
- https://git.kernel.org/stable/c/b093b06826b836c2824858669db080c190c04715
- https://git.kernel.org/stable/c/da1ef8e9eb5d4a12bec32d11636e521e7d529b9e
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40239.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-40239
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git