CVE-2025-39905

EPSS 0.02%
Published 01.10.2025 08:15:33
Last modified 02.10.2025 19:12:17
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

net: phylink: add lock for serializing concurrent pl->phydev writes with resolver

Currently phylink_resolve() protects itself against concurrent
phylink_bringup_phy() or phylink_disconnect_phy() calls which modify
pl->phydev by relying on pl->state_mutex.

The problem is that in phylink_resolve(), pl->state_mutex is in a lock
inversion state with pl->phydev->lock. So pl->phydev->lock needs to be
acquired prior to pl->state_mutex. But that requires dereferencing
pl->phydev in the first place, and without pl->state_mutex, that is
racy.

Hence the reason for the extra lock. Currently it is redundant, but it
will serve a functional purpose once mutex_lock(&phy->lock) will be
moved outside of the mutex_lock(&pl->state_mutex) section.

Another alternative considered would have been to let phylink_resolve()
acquire the rtnl_mutex, which is also held when phylink_bringup_phy()
and phylink_disconnect_phy() are called. But since phylink_disconnect_phy()
runs under rtnl_lock(), it would deadlock with phylink_resolve() when
calling flush_work(&pl->resolve). Additionally, it would have been
undesirable because it would have unnecessarily blocked many other call
paths as well in the entire kernel, so the smaller-scoped lock was
preferred.

Affected products Warnungen 0 Metrics 1 CWE 0 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 56fe63b05ec84ae6674269d78397cec43a7a295a

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 0ba5b2f2c381dbec9ed9e4ab3ae5d3e667de0dc3

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version <= 6.16.*

Version 6.16.8

Status unaffected

Version <= *

Version 6.17

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.052

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/0ba5b2f2c381dbec9ed9e4ab3ae5d3e667de0dc3

https://git.kernel.org/stable/c/56fe63b05ec84ae6674269d78397cec43a7a295a

https://nvd.nist.gov/vuln/detail/CVE-2025-39905

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39905

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39905

EUVD