Concurrent Write Vulnerability in Linux Kernel Affecting Phylink Component
CVE-2025-39905

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 1 October 2025

What is CVE-2025-39905?

A vulnerability has been identified in the Linux kernel's phylink component in which concurrent modifications to the pl->phydev object can lead to lock inversion. The phylink_resolve() function was previously protected by pl->state_mutex, but that mutex is in a lock inversion with pl->phydev->lock. As a result, dereferencing pl->phydev without proper mutex protection is a race condition. The fix introduces an additional lock to make these operations thread-safe, which improves the kernel's stability during concurrent device operations and protects against potential deadlocks.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 56fe63b05ec84ae6674269d78397cec43a7a295a

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0ba5b2f2c381dbec9ed9e4ab3ae5d3e667de0dc3

Linux 6.16.8 <= 6.16.*

Timeline

  • Vulnerability published

  • Vulnerability Reserved
