Linux · Linux Kernel · CVE-2024-26942
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
A NULL dereference bug was introduced in the at803x driver when it was reworked and split. This bug causes the `priv` variable to be referenced before it is allocated, leading to a kernel panic when trying to write to the `is 1000basex` and `is fiber` variables in the case of at8031. The issue is resolved by correctly setting the `priv` local variable only after `at803x probe` is called and actually allocates `priv` in the `phydev` struct.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.