Network Port Crash Vulnerability in Linux Kernel by Linux Foundation
CVE-2025-38149
What is CVE-2025-38149?
A vulnerability in the Linux kernel arises when a network port is disabled and then re-enabled. During this process, improper management of the device link can lead to a crash when the system attempts to access a NULL pointer. Specifically, when the network port is disabled, the associated phydev->devlink pointer is not cleared. If the port is re-enabled and the re-attachment fails, the kernel tries to delete the device link using the outdated pointer, leading to potential system crashes. Clearing phydev->devlink correctly avoids this issue and ensures system stability.
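The disable and failed re-enable sequence described above, as an added user-space C model (not kernel code and not taken from the fix). All struct and function names are hypothetical, and the model assumes the re-attach fails before a new link is created. It counts the delete on the outdated pointer instead of crashing.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for a device link and a PHY device. */
struct link { bool live; };
struct phy  { struct link *devlink; };

static struct link pool[4];
static int stale_deletes;          /* deletes attempted on an already-deleted link */

static struct link *link_add(void) {
    for (size_t i = 0; i < 4; i++)
        if (!pool[i].live) { pool[i].live = true; return &pool[i]; }
    return NULL;
}

static void link_del(struct link *l) {
    if (!l->live) { stale_deletes++; return; }  /* the kernel would fault here */
    l->live = false;
}

/* clear_ptr == false models the flaw: the link is deleted, the pointer is kept. */
static void detach(struct phy *p, bool clear_ptr) {
    if (p->devlink) {
        link_del(p->devlink);
        if (clear_ptr)
            p->devlink = NULL;     /* hardened form: forget the deleted link */
    }
}

static int attach(struct phy *p, bool fail_early, bool clear_ptr) {
    if (fail_early) {              /* error path taken before a link is created */
        detach(p, clear_ptr);
        return -1;
    }
    p->devlink = link_add();
    return 0;
}

/* Enable, disable, then a failed re-enable; returns the stale delete count. */
int port_cycle(bool clear_ptr) {
    struct phy p = { NULL };
    stale_deletes = 0;
    attach(&p, false, clear_ptr);  /* port enabled */
    detach(&p, clear_ptr);         /* port disabled */
    attach(&p, true, clear_ptr);   /* re-enable fails and cleans up */
    return stale_deletes;
}

int main(void) {
    printf("pointer kept: %d, pointer cleared: %d\n", port_cycle(false), port_cycle(true));
    return 0;
}
```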
Affected Version(s)
Linux bc66fa87d4fda9053a8145e5718fc278c2b88253 < 363fdf2777423ad346d781f09548cca14877f729
Linux bc66fa87d4fda9053a8145e5718fc278c2b88253
Linux bc66fa87d4fda9053a8145e5718fc278c2b88253 < 034bc4a2a72dea2cfcaf24c6bae03c38ad5a0b87