Description
In the Linux kernel, the following vulnerability has been resolved:

phy: freescale: imx8qm-hsio: fix NULL pointer dereference

During the probe the refclk_pad pointer is set to NULL if the
'fsl,refclk-pad-mode' property is not defined in the devicetree node. But
in imx_hsio_configure_clk_pad() this pointer is unconditionally used which
could result in a NULL pointer dereference. So check the pointer before
using it.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel contains a flaw in the imx8qm-hsio driver where the refclk_pad pointer is set to NULL if the 'fsl,refclk-pad-mode' property is missing in the device tree. Later, this pointer is dereferenced during configuration, leading to a NULL pointer dereference that can crash the kernel and deny service. The result is a local denial-of-service vector, not remote code execution.

Affected Systems

The vulnerability affects Linux kernel deployments that include the Freescale i.MX8QM HSIO PHY driver. Specific kernel versions are not enumerated in the advisory, so all builds prior to the patch that contain this driver are potentially vulnerable. No product or vendor versions are listed beyond the generic Linux kernel.

Risk and Exploitability

The exploitability details are not quantified; EPSS data is unavailable and KEV has not listed this issue. The attack vector is inferred to be local, requiring a malicious or improperly configured device tree that loads the affected driver. Because the error manifests during probe time, an attacker would need to trigger the driver load, perhaps by providing a crafted device tree node or manipulating kernel boot parameters. The lack of public exploits suggests the risk is moderate for environments that load the driver, but unpatched systems remain vulnerable to accidental crashes caused by missing device tree properties.

Generated by OpenCVE AI on May 27, 2026 at 16:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the fix from the commits cited in the advisory.
  • If an immediate kernel upgrade is not feasible, edit the device tree to either provide a valid 'fsl,refclk-pad-mode' property for the i.MX8QM HSIO node or remove the node altogether so the driver is not probed.
  • As a temporary measure, disable the imx8qm-hsio driver or mask the device tree node to prevent it from loading if the feature is not required.
  • Monitor system logs for kernel panics related to HSIO drivers and apply corrective action promptly.

Generated by OpenCVE AI on May 27, 2026 at 16:09 UTC.
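
The device tree check from the second recommended action can be automated. The script below is an added example, not part of the advisory or the kernel tree: it scans device tree source for enabled HSIO PHY nodes that lack 'fsl,refclk-pad-mode'. The compatible strings are an assumption (the page does not list them), and the sample tree, node names, addresses and property values are constructed.

```python
import re
# Assumption: compatible strings the HSIO PHY driver binds to (not on the page).
HSIO_COMPATIBLES = ("fsl,imx8qm-hsio", "fsl,imx8qxp-hsio")
REQUIRED_PROP = "fsl,refclk-pad-mode"  # property named in the advisory
# Constructed sample tree; node names, addresses and values are made up.
SAMPLE_DTS = """
/ {
    bus@5f000000 {
        phy@5f180000 {   /* enabled, property missing */
            compatible = "fsl,imx8qm-hsio";
            status = "okay";
        };
        phy@5f1a0000 {   /* property present */
            compatible = "fsl,imx8qm-hsio";
            fsl,refclk-pad-mode = "input";
        };
        phy@5f1c0000 {   /* disabled, so never probed */
            compatible = "fsl,imx8qm-hsio";
            status = "disabled";
        };
    };
};
"""

def find_nodes(dts):
    """Yield (node name, text of the node's own properties) via a brace stack."""
    dts = re.sub(r"/\*.*?\*/|//[^\n]*", "", dts, flags=re.S)  # drop comments
    stack, pos = [("", [])], 0  # sentinel entry collects top-level text
    for m in re.finditer(r"[{}]", dts):
        chunk, pos = dts[pos:m.start()], m.end()
        if m.group() == "{":
            head, _, name = chunk.rpartition(";")  # parent props ; child name
            stack[-1][1].append(head + ";")
            stack.append((name.strip(), []))
        elif len(stack) > 1:
            name, props = stack.pop()
            yield name, "".join(props) + chunk

def audit(dts):
    """Return enabled HSIO nodes that do not define REQUIRED_PROP."""
    missing = []
    for name, props in find_nodes(dts):
        compat = re.search(r'\bcompatible\s*=([^;]*);', props)
        hsio = compat and any(f'"{c}"' in compat.group(1) for c in HSIO_COMPATIBLES)
        disabled = re.search(r'\bstatus\s*=\s*"disabled"', props)
        has_prop = re.search(re.escape(REQUIRED_PROP) + r"\s*=", props)
        if hsio and not disabled and not has_prop:
            missing.append(name)
    return missing
```

Run it on the merged tree decompiled from the DTB that actually boots (`dtc -I dtb -O dts`), since board files often set properties through label references that a per-file scan cannot resolve. The scanner assumes no braces or semicolons inside string values.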

Advisories

No advisories yet.

History

Wed, 27 May 2026 16:30:00 +0000

Values Added (Values Removed: none):
  • Weaknesses: CWE-476

Wed, 27 May 2026 14:15:00 +0000

Values Added (Values Removed: none):
  • Description: In the Linux kernel, the following vulnerability has been resolved: phy: freescale: imx8qm-hsio: fix NULL pointer dereference During the probe the refclk_pad pointer is set to NULL if the 'fsl,refclk-pad-mode' property is not defined in the devicetree node. But in imx_hsio_configure_clk_pad() this pointer is unconditionally used which could result in a NULL pointer dereference. So check the pointer before using it.
  • Title: phy: freescale: imx8qm-hsio: fix NULL pointer dereference
  • First Time appeared: Linux; Linux linux Kernel
  • CPEs: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Vendors & Products: Linux; Linux linux Kernel
  • References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:15:53.604Z

Reserved: 2026-05-13T15:03:33.081Z

Link: CVE-2026-45874

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:00.913

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45874

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T17:00:16Z

Weaknesses