CVE-2025-38149

MEDIUM EPSS 4.1%
Published Jul 3, 202512mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 3, 2025 12mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: phy: clear phydev->devlink when the link is deleted There is a potential crash issue when disabling and re-enabling the network port. When disabling the network port, phy_detach() calls device_link_del() to remove the device link, but it does not clear phydev->devlink, so phydev->devlink is not a NULL pointer. Then the network port is re-enabled, but if phy_attach_direct() fails before calling device_link_add(), the code jumps to the "error" label and calls phy_detach(). Since phydev->devlink retains the old value from the previous attach/detach cycle, device_link_del() uses the old value, which accesses a NULL pointer and causes a crash. The simplified crash log is as follows. [ 24.702421] Call trace: [ 24.704856] device_link_put_kref+0x20/0x120 [ 24.709124] device_link_del+0x30/0x48 [ 24.712864] phy_detach+0x24/0x168 [ 24.716261] phy_attach_direct+0x168/0x3a4 [ 24.720352] phylink_fwnode_phy_connect+0xc8/0x14c [ 24.725140] phylink_of_phy_connect+0x1c/0x34 Therefore, phydev->devlink needs to be cleared when the device link is deleted.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel*≥6.2  –  <6.6.94
linuxlinux_kernel*≥6.7  –  <6.12.34
linuxlinux_kernel*≥6.13  –  <6.15.3

References 4

  • git.kernel.org https://git.kernel.org/stable/c/034bc4a2a72dea2cfcaf24c6bae03c38ad5a0b87
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0795b05a59b1371b18ffbf09d385296b12e9f5d5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/363fdf2777423ad346d781f09548cca14877f729
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ddc654e89ace723b78c34911c65243accbc9b75c
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/034bc4a2a72dea2cfcaf24c6bae03c38ad5a0b87
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0795b05a59b1371b18ffbf09d385296b12e9f5d5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/363fdf2777423ad346d781f09548cca14877f729
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ddc654e89ace723b78c34911c65243accbc9b75c
    Patch