{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38537", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.024Z", "datePublished": "2025-08-16T11:12:29.432Z", "dateUpdated": "2025-08-16T11:12:29.432Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-08-16T11:12:29.432Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Don't register LEDs for genphy\n\nIf a PHY has no driver, the genphy driver is probed/removed directly in\nphy_attach/detach. If the PHY's ofnode has an \"leds\" subnode, then the\nLEDs will be (un)registered when probing/removing the genphy driver.\nThis could occur if the leds are for a non-generic driver that isn't\nloaded for whatever reason. Synchronously removing the PHY device in\nphy_detach leads to the following deadlock:\n\nrtnl_lock()\nndo_close()\n ...\n phy_detach()\n phy_remove()\n phy_leds_unregister()\n led_classdev_unregister()\n led_trigger_set()\n netdev_trigger_deactivate()\n unregister_netdevice_notifier()\n rtnl_lock()\n\nThere is a corresponding deadlock on the open/register side of things\n(and that one is reported by lockdep), but it requires a race while this\none is deterministic.\n\nGeneric PHYs do not support LEDs anyway, so don't bother registering\nthem."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/phy/phy_device.c"], "versions": [{"version": "01e5b728e9e43ae444e0369695a5f72209906464", "lessThan": "ec158d05eaa91b2809cab65f8068290e3c05ebdd", "status": "affected", "versionType": "git"}, {"version": "01e5b728e9e43ae444e0369695a5f72209906464", "lessThan": "fd6493533af9e5d73d0d42ff2a8ded978a701dc6", "status": "affected", "versionType": "git"}, {"version": "01e5b728e9e43ae444e0369695a5f72209906464", "lessThan": "75e1b2079ef0653a2f7aa69be515d86b7faf1908", "status": "affected", "versionType": "git"}, {"version": "01e5b728e9e43ae444e0369695a5f72209906464", "lessThan": "f0f2b992d8185a0366be951685e08643aae17d6d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/phy/phy_device.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.100", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.40", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.8", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.6.100"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.12.40"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.15.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ec158d05eaa91b2809cab65f8068290e3c05ebdd"}, {"url": "https://git.kernel.org/stable/c/fd6493533af9e5d73d0d42ff2a8ded978a701dc6"}, {"url": "https://git.kernel.org/stable/c/75e1b2079ef0653a2f7aa69be515d86b7faf1908"}, {"url": "https://git.kernel.org/stable/c/f0f2b992d8185a0366be951685e08643aae17d6d"}], "title": "net: phy: Don't register LEDs for genphy", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Don't register LEDs for genphy\n\nIf a PHY has no driver, the genphy driver is probed/removed directly in\nphy_attach/detach. If the PHY's ofnode has an \"leds\" subnode, then the\nLEDs will be (un)registered when probing/removing the genphy driver.\nThis could occur if the leds are for a non-generic driver that isn't\nloaded for whatever reason. Synchronously removing the PHY device in\nphy_detach leads to the following deadlock:\n\nrtnl_lock()\nndo_close()\n ...\n phy_detach()\n phy_remove()\n phy_leds_unregister()\n led_classdev_unregister()\n led_trigger_set()\n netdev_trigger_deactivate()\n unregister_netdevice_notifier()\n rtnl_lock()\n\nThere is a corresponding deadlock on the open/register side of things\n(and that one is reported by lockdep), but it requires a race while this\none is deterministic.\n\nGeneric PHYs do not support LEDs anyway, so don't bother registering\nthem."}], "id": "CVE-2025-38537", "lastModified": "2025-08-16T12:15:29.467", "metrics": {}, "published": "2025-08-16T12:15:29.467", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/75e1b2079ef0653a2f7aa69be515d86b7faf1908"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ec158d05eaa91b2809cab65f8068290e3c05ebdd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f0f2b992d8185a0366be951685e08643aae17d6d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fd6493533af9e5d73d0d42ff2a8ded978a701dc6"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}