216.73.217.64

CVE-2025-38537

· Published 16/08/2025 12:15 · Modified 16/08/2025 12:15

Labels: CVE-2025-38537 2025-08-16416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2025-38537

Essential information

Published
16/08/2025 12:15
Modified
16/08/2025 12:15
Author
Creator
CISA KEV
No
CWE

Description

In the Linux kernel, the following vulnerability has been resolved: net: phy: Don't register LEDs for genphy If a PHY has no driver, the genphy driver is probed/removed directly in phy_attach/detach. If the PHY's ofnode has an "leds" subnode, then the LEDs will be (un)registered when probing/removing the genphy driver. This could occur if the leds are for a non-generic driver that isn't loaded for whatever reason. Synchronously removing the PHY device in phy_detach leads to the following deadlock: rtnl_lock() ndo_close() ... phy_detach() phy_remove() phy_leds_unregister() led_classdev_unregister() led_trigger_set() netdev_trigger_deactivate() unregister_netdevice_notifier() rtnl_lock() There is a corresponding deadlock on the open/register side of things (and that one is reported by lockdep), but it requires a race while this one is deterministic. Generic PHYs do not support LEDs anyway, so don't bother registering them.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD
View on NVD

Affected products (CPE)

ProductCPE
linux / linux cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:*

References