Skip to main content

Linux Kernel CVE-2026-45874

| EUVDEUVD-2026-32340 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-jq7f-47xv-x2xg
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access with low privileges to trigger driver path; no confidentiality or integrity impact, only kernel availability via NULL dereference crash.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:15 vuln.today
CVSS changed
Jun 25, 2026 - 21:07 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

phy: freescale: imx8qm-hsio: fix NULL pointer dereference

During the probe the refclk_pad pointer is set to NULL if the 'fsl,refclk-pad-mode' property is not defined in the devicetree node. But in imx_hsio_configure_clk_pad() this pointer is unconditionally used which could result in a NULL pointer dereference. So check the pointer before to use it.

AnalysisAI

NULL pointer dereference in the Linux kernel's NXP i.MX8QM HSIO PHY driver crashes the kernel on affected embedded hardware. The flaw exists in imx_hsio_configure_clk_pad(), which unconditionally dereferences refclk_pad even when the fsl,refclk-pad-mode devicetree property is absent, setting the pointer to NULL during probe. A local low-privileged user on NXP i.MX8QM-based systems with vulnerable kernel versions can trigger a kernel panic, causing a full denial-of-service. No public exploit or active exploitation (CISA KEV) has been identified; EPSS of 0.02% at the 5th percentile confirms negligible exploitation probability.

Technical ContextAI

The vulnerability resides in drivers/phy/freescale/imx8qm-hsio.c, the PHY driver for the NXP i.MX8QM SoC's High-Speed IO (HSIO) subsystem, which manages PCIe and USB PHY clocking on NXP's i.MX8QM application processor. During the driver's probe() function, refclk_pad is initialized to NULL if the optional devicetree property fsl,refclk-pad-mode is not present in the node. The function imx_hsio_configure_clk_pad() then dereferences this pointer without a NULL guard, triggering CWE-476 (NULL Pointer Dereference). The root cause class is a missing defensive check on an optionally-set pointer whose NULL state represents a valid but unhandled configuration path. CPE data confirms the affected component is the Linux kernel broadly (cpe:2.3:o:linux:linux_kernel:*), with the EUVD narrowing exposure to commits from 82c56b6dd24fcdf811f2b47b72e5585c8a79b685 onward in the 6.11+ lineage.

RemediationAI

Upgrade to a patched kernel version: 6.12.75, 6.18.14, 6.19.4, or 7.0, as confirmed by EUVD-2026-32340. For systems that cannot be immediately updated, a compensating control is to ensure the devicetree source for the i.MX8QM HSIO PHY node explicitly defines the fsl,refclk-pad-mode property with an appropriate value, which prevents refclk_pad from being set to NULL and sidesteps the dereference - this requires embedded BSP or devicetree expertise and should be validated against the target hardware configuration. Alternatively, restricting local user access to the affected platform reduces the PR:L attack surface. Patch commits are available at the kernel stable tree: https://git.kernel.org/stable/c/4dd5d4c0361af0a3fd24f45c815996abf4429770 and sibling commits for the relevant stable branches.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-45874 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy