CVE-2025-38149

EPSS 0.03%
Veröffentlicht 03.07.2025 08:35:54
Zuletzt bearbeitet 03.07.2025 15:13:53
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

net: phy: clear phydev->devlink when the link is deleted

There is a potential crash issue when disabling and re-enabling the
network port. When disabling the network port, phy_detach() calls
device_link_del() to remove the device link, but it does not clear
phydev->devlink, so phydev->devlink is not a NULL pointer. Then the
network port is re-enabled, but if phy_attach_direct() fails before
calling device_link_add(), the code jumps to the "error" label and
calls phy_detach(). Since phydev->devlink retains the old value from
the previous attach/detach cycle, device_link_del() uses the old value,
which accesses a NULL pointer and causes a crash. The simplified crash
log is as follows.

[   24.702421] Call trace:
[   24.704856]  device_link_put_kref+0x20/0x120
[   24.709124]  device_link_del+0x30/0x48
[   24.712864]  phy_detach+0x24/0x168
[   24.716261]  phy_attach_direct+0x168/0x3a4
[   24.720352]  phylink_fwnode_phy_connect+0xc8/0x14c
[   24.725140]  phylink_of_phy_connect+0x1c/0x34

Therefore, phydev->devlink needs to be cleared when the device link is
deleted.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 363fdf2777423ad346d781f09548cca14877f729

Version bc66fa87d4fda9053a8145e5718fc278c2b88253

Status affected

Version < ddc654e89ace723b78c34911c65243accbc9b75c

Version bc66fa87d4fda9053a8145e5718fc278c2b88253

Status affected

Version < 034bc4a2a72dea2cfcaf24c6bae03c38ad5a0b87

Version bc66fa87d4fda9053a8145e5718fc278c2b88253

Status affected

Version < 0795b05a59b1371b18ffbf09d385296b12e9f5d5

Version bc66fa87d4fda9053a8145e5718fc278c2b88253

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.2

Status affected

Version < 6.2

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.94

Status unaffected

Version <= 6.12.*

Version 6.12.34

Status unaffected

Version <= 6.15.*

Version 6.15.3

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/363fdf2777423ad346d781f09548cca14877f729

https://git.kernel.org/stable/c/ddc654e89ace723b78c34911c65243accbc9b75c

https://git.kernel.org/stable/c/034bc4a2a72dea2cfcaf24c6bae03c38ad5a0b87

https://git.kernel.org/stable/c/0795b05a59b1371b18ffbf09d385296b12e9f5d5

https://nvd.nist.gov/vuln/detail/CVE-2025-38149

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38149

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38149

EUVD