{"id":"CVE-2025-38149","summary":"net: phy: clear phydev-\u003edevlink when the link is deleted","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: clear phydev-\u003edevlink when the link is deleted\n\nThere is a potential crash issue when disabling and re-enabling the\nnetwork port. When disabling the network port, phy_detach() calls\ndevice_link_del() to remove the device link, but it does not clear\nphydev-\u003edevlink, so phydev-\u003edevlink is not a NULL pointer. Then the\nnetwork port is re-enabled, but if phy_attach_direct() fails before\ncalling device_link_add(), the code jumps to the \"error\" label and\ncalls phy_detach(). Since phydev-\u003edevlink retains the old value from\nthe previous attach/detach cycle, device_link_del() uses the old value,\nwhich accesses a NULL pointer and causes a crash. The simplified crash\nlog is as follows.\n\n[   24.702421] Call trace:\n[   24.704856]  device_link_put_kref+0x20/0x120\n[   24.709124]  device_link_del+0x30/0x48\n[   24.712864]  phy_detach+0x24/0x168\n[   24.716261]  phy_attach_direct+0x168/0x3a4\n[   24.720352]  phylink_fwnode_phy_connect+0xc8/0x14c\n[   24.725140]  phylink_of_phy_connect+0x1c/0x34\n\nTherefore, phydev-\u003edevlink needs to be cleared when the device link is\ndeleted.","modified":"2026-04-16T04:31:06.656207759Z","published":"2025-07-03T08:35:54.405Z","related":["SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38149.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/034bc4a2a72dea2cfcaf24c6bae03c38ad5a0b87"},{"type":"WEB","url":"https://git.kernel.org/stable/c/0795b05a59b1371b18ffbf09d385296b12e9f5d5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/363fdf2777423ad346d781f09548cca14877f729"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ddc654e89ace723b78c34911c65243accbc9b75c"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38149.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38149"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"bc66fa87d4fda9053a8145e5718fc278c2b88253"},{"fixed":"363fdf2777423ad346d781f09548cca14877f729"},{"fixed":"ddc654e89ace723b78c34911c65243accbc9b75c"},{"fixed":"034bc4a2a72dea2cfcaf24c6bae03c38ad5a0b87"},{"fixed":"0795b05a59b1371b18ffbf09d385296b12e9f5d5"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38149.json"}}],"schema_version":"1.7.5"}