CVE Catalog

CVE-2026-45874

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

In the Linux kernel PHY driver for i.MX8QM HSIO, a NULL pointer dereference vulnerability was found. During probe, the refclk_pad pointer is set to NULL if the 'fsl,refclk-pad-mode' property is not defined in the device tree. The function imx_hsio_configure_clk_pad() uses this pointer unconditionally, which could lead to a system crash.

Risk Assessment

The risk is a potential system crash (kernel panic) during boot on i.MX8QM platforms when the hardware configuration lacks the appropriate device tree entry. This could prevent normal system operation.

Recommendation

Update the Linux kernel to a version containing the fix that adds a pointer check before use in the imx_hsio_configure_clk_pad() function.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: phy: freescale: imx8qm-hsio: fix NULL pointer dereference During the probe the refclk_pad pointer is set to NULL if the 'fsl,refclk-pad-mode' property is not defined in the devicetree node. But in imx_hsio_configure_clk_pad() this pointer is unconditionally used which could result in a NULL pointer dereference. So check the pointer before to use it.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS