CVE-2025-38726 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-38726 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect After the call to phy_disconnect() netdev->phydev is reset to NULL. So fixed_phy_unregister() would be called with a NULL pointer as argument. Therefore cache the phy_device before this call.

EPSS 0.02% · 3.2th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.02%

3.2th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	6.12, 6.12, 6.12
Linux	Linux	6.15.11, e24a6c874601efb3de6e535895dd8e4f56fa98f1, 6.17

Timeline

Jan 21, 1970 Security Advisory
Sep 4, 2025 Coalition ESS Score
Sep 4, 2025 CVE Published
Sep 4, 2025 PoC Published
Sep 5, 2025 EPSS Score
Sep 5, 2025 Coalition ESS Score
Sep 12, 2025 EPSS Score
Sep 19, 2025 EPSS Score
Sep 26, 2025 EPSS Score
Oct 3, 2025 EPSS Score
Oct 4, 2025 Coalition ESS Score
Oct 6, 2025 Coalition ESS Score

References

Open in Interactive Console →