Bug 2388920 (CVE-2025-38537) - CVE-2025-38537 kernel: net: phy: Don't register LEDs for genphy
Summary: CVE-2025-38537 kernel: net: phy: Don't register LEDs for genphy
Keywords:
Status: NEW
Alias: CVE-2025-38537
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-08-16 12:01 UTC by OSIDB Bzimport
Modified: 2025-08-18 13:34 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-08-16 12:01:22 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: phy: Don't register LEDs for genphy

If a PHY has no driver, the genphy driver is probed/removed directly in
phy_attach/detach. If the PHY's ofnode has an "leds" subnode, then the
LEDs will be (un)registered when probing/removing the genphy driver.
This could occur if the leds are for a non-generic driver that isn't
loaded for whatever reason. Synchronously removing the PHY device in
phy_detach leads to the following deadlock:

rtnl_lock()
ndo_close()
    ...
    phy_detach()
        phy_remove()
            phy_leds_unregister()
                led_classdev_unregister()
                    led_trigger_set()
                        netdev_trigger_deactivate()
                            unregister_netdevice_notifier()
                                rtnl_lock()

There is a corresponding deadlock on the open/register side of things
(and that one is reported by lockdep), but it requires a race while this
one is deterministic.

Generic PHYs do not support LEDs anyway, so don't bother registering
them.
Comment 1 Keith Grant 2025-08-18 13:32:58 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025081657-CVE-2025-38537-180a@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.