In the Linux kernel, the following vulnerability has been resolved:
net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices
The probe() function is only used for DP83822 and DP83826 PHY,
leaving the private data pointer uninitialized for the DP83825 models
which causes a NULL pointer dereference in the recently introduced/changed
functions dp8382x_config_init() and dp83822_set_wol().
Add the dp8382x_probe() function, so all PHY models will have a valid
private data pointer to fix this issue and also prevent similar issues
in the future.
Security readout for executives and security teams
Plain-English summary
CVE-2024-46856 is a Linux kernel bug affecting systems that use DP83825 Ethernet PHY devices. The driver can dereference a missing private-data pointer, causing a kernel crash or device instability. The source bundle does not provide CVSS, confirmed exploitation, or a vendor mitigation beyond the referenced kernel fixes.
Executive priority
Treat this as targeted operational risk, not broad internet-facing emergency. Prioritize organizations with Linux-based embedded or network devices using DP83825 Ethernet PHY hardware, especially where device crashes could disrupt operations.
Technical view
The Linux dp83822 PHY driver initialized private data only for DP83822 and DP83826. DP83825 models could enter dp8382x_config_init() or dp83822_set_wol() with an uninitialized private pointer, triggering a NULL pointer dereference. The fix adds dp8382x_probe() coverage so all listed PHY models receive valid private data.
Likely exposure
Exposure appears limited to Linux systems running affected kernel versions with DP83825 PHY hardware using this driver path. General Linux servers without those PHY models are unlikely to be exposed based on the supplied sources.
Exploitation context
The source bundle marks KEV as false and provides no evidence of active exploitation or public exploit use. The described impact is a local kernel driver NULL pointer dereference condition, most plausibly causing denial of service or device instability.
Researcher notes
Evidence is concise and kernel-focused. No CVSS, CWE, exploitability detail, or downstream distro status is supplied. The affected-version data includes kernel branches and commit identifiers, so validation should rely on actual deployed kernel source or vendor package changelogs.
Mitigation direction
Identify Linux systems using DP83825 PHY devices and affected kernel branches.
Apply vendor or stable-kernel updates containing the referenced fixes.
Prioritize embedded, appliance, OT, and network-edge Linux devices with this PHY hardware.
If updates are unavailable, monitor vendor guidance for supported mitigations.
Do not deploy unverified driver workarounds without vendor testing.
Validation and detection
Check kernel version and driver source for the referenced stable commits.
Inventory hardware for DP83825 PHY devices using this Linux driver.
Review kernel logs for NULL pointer dereferences in dp8382x_config_init or dp83822_set_wol.
Confirm whether affected devices use Wake-on-LAN paths.
Track vendor advisories for downstream kernel package status.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-46856 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.