CVE-2025-38149
net: phy: clear phydev->devlink when the link is deleted
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
net: phy: clear phydev->devlink when the link is deleted
In the Linux kernel, the following vulnerability has been resolved: net: phy: clear phydev->devlink when the link is deleted There is a potential crash issue when disabling and re-enabling the network port. When disabling the network port, phy_detach() calls device_link_del() to remove the device link, but it does not clear phydev->devlink, so phydev->devlink is not a NULL pointer. Then the network port is re-enabled, but if phy_attach_direct() fails before calling device_link_add(), the code jumps to the "error" label and calls phy_detach(). Since phydev->devlink retains the old value from the previous attach/detach cycle, device_link_del() uses the old value, which accesses a NULL pointer and causes a crash. The simplified crash log is as follows. [ 24.702421] Call trace: [ 24.704856] device_link_put_kref+0x20/0x120 [ 24.709124] device_link_del+0x30/0x48 [ 24.712864] phy_detach+0x24/0x168 [ 24.716261] phy_attach_direct+0x168/0x3a4 [ 24.720352] phylink_fwnode_phy_connect+0xc8/0x14c [ 24.725140] phylink_of_phy_connect+0x1c/0x34 Therefore, phydev->devlink needs to be cleared when the device link is deleted.
Reserved 2025-04-16 | Published 2025-07-03 | Updated 2025-07-03 | Assigner Linuxgit.kernel.org/...c/363fdf2777423ad346d781f09548cca14877f729
git.kernel.org/...c/ddc654e89ace723b78c34911c65243accbc9b75c
git.kernel.org/...c/034bc4a2a72dea2cfcaf24c6bae03c38ad5a0b87
git.kernel.org/...c/0795b05a59b1371b18ffbf09d385296b12e9f5d5
Support options
