USB Connectivity Issue in Linux Kernel Affecting D-Link Devices
CVE-2025-38725

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-38725?

A vulnerability in the Linux kernel affects the D-Link DUB-E100 H/W Ver B1, which utilizes the ax88772 MDIO bus. The driver fails to correctly set the phy_mask for these devices, resulting in a limitation of 32 MDIO PHY devices with addresses ranging from 0x00 to 0x1f. Consequently, during system suspend/resume, there can be issues with the phy_polling_mode() in the phy_state_machine(), potentially leading to a NULL pointer dereference when the driver interacts with non-main PHY devices. This problem necessitates the addition of a phy_mask to ensure proper functionality.

Affected Version(s)

Linux e532a096be0e5e570b383e71d4560e7f04384e0f < 75947d3200de98a9ded9ad8972e02f1a177097fe

Linux e532a096be0e5e570b383e71d4560e7f04384e0f < 59ed6fbdb1bc03316e09493ffde7066f031c7524

Linux e532a096be0e5e570b383e71d4560e7f04384e0f

References

https://git.kernel.org/stable/c/75947d3200de98a9ded9ad897...

https://git.kernel.org/stable/c/59ed6fbdb1bc03316e09493ff...

https://git.kernel.org/stable/c/ccef5ee4adf56472aa26bdd1f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Apr 16, 2025