{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38149","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.988Z","datePublished":"2025-07-03T08:35:54.405Z","dateUpdated":"2026-05-11T21:22:12.534Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:22:12.534Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: clear phydev->devlink when the link is deleted\n\nThere is a potential crash issue when disabling and re-enabling the\nnetwork port. When disabling the network port, phy_detach() calls\ndevice_link_del() to remove the device link, but it does not clear\nphydev->devlink, so phydev->devlink is not a NULL pointer. Then the\nnetwork port is re-enabled, but if phy_attach_direct() fails before\ncalling device_link_add(), the code jumps to the \"error\" label and\ncalls phy_detach(). Since phydev->devlink retains the old value from\nthe previous attach/detach cycle, device_link_del() uses the old value,\nwhich accesses a NULL pointer and causes a crash. The simplified crash\nlog is as follows.\n\n[   24.702421] Call trace:\n[   24.704856]  device_link_put_kref+0x20/0x120\n[   24.709124]  device_link_del+0x30/0x48\n[   24.712864]  phy_detach+0x24/0x168\n[   24.716261]  phy_attach_direct+0x168/0x3a4\n[   24.720352]  phylink_fwnode_phy_connect+0xc8/0x14c\n[   24.725140]  phylink_of_phy_connect+0x1c/0x34\n\nTherefore, phydev->devlink needs to be cleared when the device link is\ndeleted."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/phy/phy_device.c"],"versions":[{"version":"bc66fa87d4fda9053a8145e5718fc278c2b88253","lessThan":"363fdf2777423ad346d781f09548cca14877f729","status":"affected","versionType":"git"},{"version":"bc66fa87d4fda9053a8145e5718fc278c2b88253","lessThan":"ddc654e89ace723b78c34911c65243accbc9b75c","status":"affected","versionType":"git"},{"version":"bc66fa87d4fda9053a8145e5718fc278c2b88253","lessThan":"034bc4a2a72dea2cfcaf24c6bae03c38ad5a0b87","status":"affected","versionType":"git"},{"version":"bc66fa87d4fda9053a8145e5718fc278c2b88253","lessThan":"0795b05a59b1371b18ffbf09d385296b12e9f5d5","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/phy/phy_device.c"],"versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","status":"unaffected","versionType":"semver"},{"version":"6.6.94","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.34","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.3","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.12.34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.15.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/363fdf2777423ad346d781f09548cca14877f729"},{"url":"https://git.kernel.org/stable/c/ddc654e89ace723b78c34911c65243accbc9b75c"},{"url":"https://git.kernel.org/stable/c/034bc4a2a72dea2cfcaf24c6bae03c38ad5a0b87"},{"url":"https://git.kernel.org/stable/c/0795b05a59b1371b18ffbf09d385296b12e9f5d5"}],"title":"net: phy: clear phydev->devlink when the link is deleted","x_generator":{"engine":"bippy-1.2.0"}}}}