CVE-2025-38537 (GCVE-0-2025-38537)
Vulnerability from cvelistv5
Published: 2025-08-16 11:12
Modified: 2025-08-16 11:12
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:

net: phy: Don't register LEDs for genphy

If a PHY has no driver, the genphy driver is probed/removed directly in phy_attach/detach. If the PHY's ofnode has an "leds" subnode, then the LEDs will be (un)registered when probing/removing the genphy driver. This could occur if the leds are for a non-generic driver that isn't loaded for whatever reason. Synchronously removing the PHY device in phy_detach leads to the following deadlock:

rtnl_lock()
ndo_close()
    ...
    phy_detach()
        phy_remove()
            phy_leds_unregister()
                led_classdev_unregister()
                    led_trigger_set()
                        netdev_trigger_deactivate()
                            unregister_netdevice_notifier()
                                rtnl_lock()

There is a corresponding deadlock on the open/register side of things (and that one is reported by lockdep), but it requires a race while this one is deterministic.

Generic PHYs do not support LEDs anyway, so don't bother registering them.
Impacted products
Vendor  Product  Version
Linux   Linux    Version: 01e5b728e9e43ae444e0369695a5f72209906464
                 Version: 01e5b728e9e43ae444e0369695a5f72209906464
                 Version: 01e5b728e9e43ae444e0369695a5f72209906464
                 Version: 01e5b728e9e43ae444e0369695a5f72209906464
Linux   Linux    Version: 6.4


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/phy/phy_device.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ec158d05eaa91b2809cab65f8068290e3c05ebdd",
              "status": "affected",
              "version": "01e5b728e9e43ae444e0369695a5f72209906464",
              "versionType": "git"
            },
            {
              "lessThan": "fd6493533af9e5d73d0d42ff2a8ded978a701dc6",
              "status": "affected",
              "version": "01e5b728e9e43ae444e0369695a5f72209906464",
              "versionType": "git"
            },
            {
              "lessThan": "75e1b2079ef0653a2f7aa69be515d86b7faf1908",
              "status": "affected",
              "version": "01e5b728e9e43ae444e0369695a5f72209906464",
              "versionType": "git"
            },
            {
              "lessThan": "f0f2b992d8185a0366be951685e08643aae17d6d",
              "status": "affected",
              "version": "01e5b728e9e43ae444e0369695a5f72209906464",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/phy/phy_device.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.40",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.100",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.40",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.8",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Don\u0027t register LEDs for genphy\n\nIf a PHY has no driver, the genphy driver is probed/removed directly in\nphy_attach/detach. If the PHY\u0027s ofnode has an \"leds\" subnode, then the\nLEDs will be (un)registered when probing/removing the genphy driver.\nThis could occur if the leds are for a non-generic driver that isn\u0027t\nloaded for whatever reason. Synchronously removing the PHY device in\nphy_detach leads to the following deadlock:\n\nrtnl_lock()\nndo_close()\n    ...\n    phy_detach()\n        phy_remove()\n            phy_leds_unregister()\n                led_classdev_unregister()\n                    led_trigger_set()\n                        netdev_trigger_deactivate()\n                            unregister_netdevice_notifier()\n                                rtnl_lock()\n\nThere is a corresponding deadlock on the open/register side of things\n(and that one is reported by lockdep), but it requires a race while this\none is deterministic.\n\nGeneric PHYs do not support LEDs anyway, so don\u0027t bother registering\nthem."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-16T11:12:29.432Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ec158d05eaa91b2809cab65f8068290e3c05ebdd"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd6493533af9e5d73d0d42ff2a8ded978a701dc6"
        },
        {
          "url": "https://git.kernel.org/stable/c/75e1b2079ef0653a2f7aa69be515d86b7faf1908"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0f2b992d8185a0366be951685e08643aae17d6d"
        }
      ],
      "title": "net: phy: Don\u0027t register LEDs for genphy",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38537",
    "datePublished": "2025-08-16T11:12:29.432Z",
    "dateReserved": "2025-04-16T04:51:24.024Z",
    "dateUpdated": "2025-08-16T11:12:29.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38537\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-16T12:15:29.467\",\"lastModified\":\"2025-08-18T20:16:28.750\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: phy: Don\u0027t register LEDs for genphy\\n\\nIf a PHY has no driver, the genphy driver is probed/removed directly in\\nphy_attach/detach. If the PHY\u0027s ofnode has an \\\"leds\\\" subnode, then the\\nLEDs will be (un)registered when probing/removing the genphy driver.\\nThis could occur if the leds are for a non-generic driver that isn\u0027t\\nloaded for whatever reason. Synchronously removing the PHY device in\\nphy_detach leads to the following deadlock:\\n\\nrtnl_lock()\\nndo_close()\\n    ...\\n    phy_detach()\\n        phy_remove()\\n            phy_leds_unregister()\\n                led_classdev_unregister()\\n                    led_trigger_set()\\n                        netdev_trigger_deactivate()\\n                            unregister_netdevice_notifier()\\n                                rtnl_lock()\\n\\nThere is a corresponding deadlock on the open/register side of things\\n(and that one is reported by lockdep), but it requires a race while this\\none is deterministic.\\n\\nGeneric PHYs do not support LEDs anyway, so don\u0027t bother registering\\nthem.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: phy: No registrar los LED para genphy. Si una PHY no tiene controlador, el controlador genphy se prueba/elimina directamente en phy_attach/detach. Si el nodo ofnode de la PHY tiene un subnodo \\\"leds\\\", los LED se (des)registrar\u00e1n al probar/eliminar el controlador genphy. Esto podr\u00eda ocurrir si los LED corresponden a un controlador no gen\u00e9rico que no est\u00e1 cargado por cualquier motivo. 
La eliminaci\u00f3n sincr\u00f3nica del dispositivo PHY en phy_detach genera el siguiente bloqueo: rtnl_lock() ndo_close() ... phy_detach() phy_remove() phy_leds_unregister() led_classdev_unregister() led_trigger_set() netdev_trigger_deactivate() unregister_netdevice_notifier() rtnl_lock() Existe un bloqueo correspondiente en el lado de apertura/registro (y este es reportado por lockdep), pero requiere una carrera mientras que este es determinista. Los PHY gen\u00e9ricos no admiten LED de todos modos, as\u00ed que no se moleste en registrarlos.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/75e1b2079ef0653a2f7aa69be515d86b7faf1908\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ec158d05eaa91b2809cab65f8068290e3c05ebdd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f0f2b992d8185a0366be951685e08643aae17d6d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fd6493533af9e5d73d0d42ff2a8ded978a701dc6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

