-

CVE-2025-40120

In the Linux kernel, the following vulnerability has been resolved:

net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock

Prevent USB runtime PM (autosuspend) for AX88772* in bind.

usbnet enables runtime PM (autosuspend) by default, so disabling it via
the usb_driver flag is ineffective. On AX88772B, autosuspend shows no
measurable power saving with current driver (no link partner, admin
up/down). The ~0.453 W -> ~0.248 W drop on v6.1 comes from phylib powering
the PHY off on admin-down, not from USB autosuspend.

The real hazard is that with runtime PM enabled, ndo_open() (under RTNL)
may synchronously trigger autoresume (usb_autopm_get_interface()) into
asix_resume() while the USB PM lock is held. Resume paths then invoke
phylink/phylib and MDIO, which also expect RTNL, leading to possible
deadlocks or PM lock vs MDIO wake issues.

To avoid this, keep the device runtime-PM active by taking a usage
reference in ax88772_bind() and dropping it in unbind(). A non-zero PM
usage count blocks runtime suspend regardless of userspace policy
(.../power/control - pm_runtime_allow/forbid), making this approach
robust against sysfs overrides.

Holding a runtime-PM usage ref does not affect system-wide suspend;
system sleep/resume callbacks continue to run as before.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 71a0ba7fdaf8d035426912a4ed7bf1738a81010c
Version 4a2c7217cd5a87e85ceb761e307b030fe6db4805
Status affected
Version < 3e96cd27ff1a004d84908c1b6cc68ac60913874e
Version 4a2c7217cd5a87e85ceb761e307b030fe6db4805
Status affected
Version < 724a9db84188f80ef60b1f21cc7b4e9c84e0cb64
Version 4a2c7217cd5a87e85ceb761e307b030fe6db4805
Status affected
Version < 1534517300e12f2930b6ff477b8820ff658afd11
Version 4a2c7217cd5a87e85ceb761e307b030fe6db4805
Status affected
Version < 9d8bcaf6fae1bd82bc27ec09a2694497e6f6c4b4
Version 4a2c7217cd5a87e85ceb761e307b030fe6db4805
Status affected
Version < 3d3c4cd5c62f24bb3cb4511b7a95df707635e00a
Version 4a2c7217cd5a87e85ceb761e307b030fe6db4805
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.14
Status affected
Version < 5.14
Version 0
Status unaffected
Version <= 5.15.*
Version 5.15.195
Status unaffected
Version <= 6.1.*
Version 6.1.156
Status unaffected
Version <= 6.6.*
Version 6.6.112
Status unaffected
Version <= 6.12.*
Version 6.12.53
Status unaffected
Version <= 6.17.*
Version 6.17.3
Status unaffected
Version <= *
Version 6.18
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.166
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.