CVE-2025-38149
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38149
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38149.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38149
- Downstream
- Published
- 2025-07-03T09:15:29Z
- Modified
- 2025-07-10T16:00:22Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: phy: clear phydev->devlink when the link is deleted
There is a potential crash issue when disabling and re-enabling the network port. When disabling the network port, phydetach() calls devicelinkdel() to remove the device link, but it does not clear phydev->devlink, so phydev->devlink is not a NULL pointer. Then the network port is re-enabled, but if phyattachdirect() fails before calling devicelinkadd(), the code jumps to the "error" label and calls phydetach(). Since phydev->devlink retains the old value from the previous attach/detach cycle, devicelinkdel() uses the old value, which accesses a NULL pointer and causes a crash. The simplified crash log is as follows.
[ 24.702421] Call trace: [ 24.704856] devicelinkputkref+0x20/0x120 [ 24.709124] devicelinkdel+0x30/0x48 [ 24.712864] phydetach+0x24/0x168 [ 24.716261] phyattachdirect+0x168/0x3a4 [ 24.720352] phylinkfwnodephyconnect+0xc8/0x14c [ 24.725140] phylinkofphyconnect+0x1c/0x34
Therefore, phydev->devlink needs to be cleared when the device link is deleted.
- References
-
- https://git.kernel.org/stable/c/034bc4a2a72dea2cfcaf24c6bae03c38ad5a0b87
- https://git.kernel.org/stable/c/0795b05a59b1371b18ffbf09d385296b12e9f5d5
- https://git.kernel.org/stable/c/363fdf2777423ad346d781f09548cca14877f729
- https://git.kernel.org/stable/c/ddc654e89ace723b78c34911c65243accbc9b75c
- https://security-tracker.debian.org/tracker/CVE-2025-38149
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source