CVE-2025-39876

Published Sep 23, 2025

Last updated 3 months ago

CVSS medium 5.5

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function of_phy_find_device may return NULL, so we need to take care before dereferencing phy_dev.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed
Products: linux_kernel, debian_linux

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-476

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F9F8E966-D84B-4A94-8A67-E1B47A05557F",
            "versionEndExcluding": "4.20",
            "versionStartIncluding": "4.19.153",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F87D2EAC-B226-4F51-A7D2-5FA87449193E",
            "versionEndExcluding": "5.4.300",
            "versionStartIncluding": "5.4.73",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BEFC3ACE-365D-48E7-9C0A-019C74CC0725",
            "versionEndExcluding": "5.9",
            "versionStartIncluding": "5.8.17",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "710685B8-F7A1-47B0-9080-C471DB16A491",
            "versionEndExcluding": "5.10.245",
            "versionStartIncluding": "5.9.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CF862263-DC8D-4324-A52A-DA1D7880B35A",
            "versionEndExcluding": "5.15.194",
            "versionStartIncluding": "5.11",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "39B3B4F7-FA64-4E7C-B55D-53A5D004A639",
            "versionEndExcluding": "6.1.153",
            "versionStartIncluding": "5.16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D273EDA6-2CFE-4EBD-B024-62EB057830F3",
            "versionEndExcluding": "6.6.107",
            "versionStartIncluding": "6.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9652E701-5C8E-49CF-89A5-499E214A5902",
            "versionEndExcluding": "6.12.48",
            "versionStartIncluding": "6.7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8DA00A4E-AABB-4A69-AB39-67B22D0B36D2",
            "versionEndExcluding": "6.16.8",
            "versionStartIncluding": "6.13",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "327D22EF-390B-454C-BD31-2ED23C998A1C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:*",
            "matchCriteriaId": "C730CD9A-D969-4A8E-9522-162AAF7C0EE9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc3:*:*:*:*:*:*",
            "matchCriteriaId": "39982C4B-716E-4B2F-8196-FA301F47807D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc4:*:*:*:*:*:*",
            "matchCriteriaId": "340BEEA9-D70D-4290-B502-FBB1032353B1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc5:*:*:*:*:*:*",
            "matchCriteriaId": "47E4C5C0-079F-4838-971B-8C503D48FCC2",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References