Concurrent Write Vulnerability in Linux Kernel Affecting Phylink Component
CVE-2025-39905

7 HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 1 October 2025

What is CVE-2025-39905?

A vulnerability has been identified in the Linux kernel's phylink component, where concurrent modifications to the pl->phydev object can lead to lock inversion. The phylink_resolve() function was previously safeguarded by pl->state_mutex, but that mutex conflicts with pl->phydev->lock. This creates a race condition when pl->phydev is dereferenced without proper mutex protection. To remedy this, an additional lock has been introduced to ensure thread-safe operations. The update improves the kernel's stability during concurrent device operations and protects against potential deadlocks.
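
The lock ordering described above, modelled in user space with pthreads as an added example. It is not the kernel patch, and every struct, field and function name in it (plink, phydev_mutex, resolve, set_phydev, run_model) is hypothetical.

```c
#include <pthread.h>
#include <stddef.h>
/* User-space model, names hypothetical. Order: phydev_mutex -> phy->lock -> state_mutex. */
struct phy { pthread_mutex_t lock; int link_up; };
struct plink {
    pthread_mutex_t phydev_mutex; /* extra lock: serializes writes to ->phydev */
    pthread_mutex_t state_mutex;
    struct phy *phydev;           /* attached and detached at runtime */
    int resolved_up;
};
static struct phy the_phy = { PTHREAD_MUTEX_INITIALIZER, 1 };
static struct plink the_pl = { PTHREAD_MUTEX_INITIALIZER, PTHREAD_MUTEX_INITIALIZER, NULL, 0 };
static void resolve(struct plink *pl)
{
    pthread_mutex_lock(&pl->phydev_mutex);
    struct phy *phy = pl->phydev;       /* stable while phydev_mutex is held */
    if (phy)
        pthread_mutex_lock(&phy->lock); /* taken before state_mutex: no inversion */
    pthread_mutex_lock(&pl->state_mutex);
    pl->resolved_up = phy ? phy->link_up : 0;
    pthread_mutex_unlock(&pl->state_mutex);
    if (phy)
        pthread_mutex_unlock(&phy->lock);
    pthread_mutex_unlock(&pl->phydev_mutex);
}
/* Models attach (phy != NULL) and detach (phy == NULL). */
static void set_phydev(struct plink *pl, struct phy *phy)
{
    pthread_mutex_lock(&pl->phydev_mutex);
    pthread_mutex_lock(&pl->state_mutex);
    pl->phydev = phy;
    pthread_mutex_unlock(&pl->state_mutex);
    pthread_mutex_unlock(&pl->phydev_mutex);
}
static void *writer(void *arg)
{
    for (int i = 0; i < 100000; i++)    /* the last write (odd i) detaches */
        set_phydev(&the_pl, (i & 1) ? NULL : &the_phy);
    return arg;
}
/* Resolver against a concurrent writer; final resolved state, or -1 on thread error. */
int run_model(void)
{
    pthread_t t;
    if (pthread_create(&t, NULL, writer, NULL)) return -1;
    for (int i = 0; i < 100000; i++) resolve(&the_pl);
    pthread_join(t, NULL);
    resolve(&the_pl);
    return the_pl.resolved_up;
}
```

Because the pointer is only written under the outer lock, the resolver can read it, take the per-device lock, and only then take the state mutex, so both paths acquire locks in one consistent order.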

Affected Version(s)

Linux 5fd0f1a02e750e2db4038dee60edea669ce5aab1 < 56fe63b05ec84ae6674269d78397cec43a7a295a

Linux 5fd0f1a02e750e2db4038dee60edea669ce5aab1 < 0ba5b2f2c381dbec9ed9e4ab3ae5d3e667de0dc3

Linux 6.14

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
