CVE-2026-45874 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: phy: freescale: imx8qm-hsio: fix NULL pointer dereference During the probe the refclk_pad pointer is set to NULL if the 'fsl,refclk-pad-mode' property is not defined in the devicetree node. But in imx_hsio_configure_clk_pad() this pointer is unconditionally used which could result in a NULL pointer dereference. So check the pointer before to use it.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/4dd5d4c0361af0a3fd24f45c815996abf4429770
https://git.kernel.org/stable/c/8d29e81e9cdec84d4b9acb1736550d35e86c88af
https://git.kernel.org/stable/c/a771b386cb6c6e582e7b50f8eeff3347ff887f71
https://git.kernel.org/stable/c/dd8b9ba3d9701832cfb5dcefd8b43250df28dbc2

History

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: phy: freescale: imx8qm-hsio: fix NULL pointer dereference During the probe the refclk_pad pointer is set to NULL if the 'fsl,refclk-pad-mode' property is not defined in the devicetree node. But in imx_hsio_configure_clk_pad() this pointer is unconditionally used which could result in a NULL pointer dereference. So check the pointer before to use it.
Title		phy: freescale: imx8qm-hsio: fix NULL pointer dereference
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/4dd5d4c0361af0a3fd24f45c815996abf4429770 https://git.kernel.org/stable/c/8d29e81e9cdec84d4b9acb1736550d35e86c88af https://git.kernel.org/stable/c/a771b386cb6c6e582e7b50f8eeff3347ff887f71 https://git.kernel.org/stable/c/dd8b9ba3d9701832cfb5dcefd8b43250df28dbc2

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:15:53.604Z

Updated: 2026-05-27T12:15:53.604Z

Reserved: 2026-05-13T15:03:33.081Z

Link: CVE-2026-45874

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:00.913

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45874

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-45874", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.081Z", "datePublished": "2026-05-27T12:15:53.604Z", "dateUpdated": "2026-05-27T12:15:53.604Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:15:53.604Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: freescale: imx8qm-hsio: fix NULL pointer dereference\n\nDuring the probe the refclk_pad pointer is set to NULL if the\n'fsl,refclk-pad-mode' property is not defined in the devicetree node. But\nin imx_hsio_configure_clk_pad() this pointer is unconditionally used which\ncould result in a NULL pointer dereference. So check the pointer before to\nuse it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/phy/freescale/phy-fsl-imx8qm-hsio.c"], "versions": [{"version": "82c56b6dd24fcdf811f2b47b72e5585c8a79b685", "lessThan": "a771b386cb6c6e582e7b50f8eeff3347ff887f71", "status": "affected", "versionType": "git"}, {"version": "82c56b6dd24fcdf811f2b47b72e5585c8a79b685", "lessThan": "dd8b9ba3d9701832cfb5dcefd8b43250df28dbc2", "status": "affected", "versionType": "git"}, {"version": "82c56b6dd24fcdf811f2b47b72e5585c8a79b685", "lessThan": "8d29e81e9cdec84d4b9acb1736550d35e86c88af", "status": "affected", "versionType": "git"}, {"version": "82c56b6dd24fcdf811f2b47b72e5585c8a79b685", "lessThan": "4dd5d4c0361af0a3fd24f45c815996abf4429770", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/phy/freescale/phy-fsl-imx8qm-hsio.c"], "versions": [{"version": "6.11", "status": "affected"}, {"version": "0", "lessThan": "6.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.75", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.14", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.4", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.12.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.18.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.19.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a771b386cb6c6e582e7b50f8eeff3347ff887f71"}, {"url": "https://git.kernel.org/stable/c/dd8b9ba3d9701832cfb5dcefd8b43250df28dbc2"}, {"url": "https://git.kernel.org/stable/c/8d29e81e9cdec84d4b9acb1736550d35e86c88af"}, {"url": "https://git.kernel.org/stable/c/4dd5d4c0361af0a3fd24f45c815996abf4429770"}], "title": "phy: freescale: imx8qm-hsio: fix NULL pointer dereference", "x_generator": {"engine": "bippy-1.2.0"}}}}