CVE-2025-38725

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: usb: asix_devices: add phy_mask for ax88772 mdio bus

Without setting phy_mask for ax88772 mdio bus, current driver may create at most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f. DLink DUB-E100 H/W Ver B1 is such a device. However, only one main phy device will bind to net phy driver. This is creating issue during system suspend/resume since phy_polling_mode() in phy_state_machine() will directly deference member of phydev->drv for non-main phy devices. Then NULL pointer dereference issue will occur. Due to only external phy or internal phy is necessary, add phy_mask for ax88772 mdio bus to workarnoud the issue.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxe532a096be0e5e570b383e71d4560e7f04384e0f < 75947d3200de98a9ded9ad8972e02f1a177097feaffected
LinuxLinuxe532a096be0e5e570b383e71d4560e7f04384e0f < 59ed6fbdb1bc03316e09493ffde7066f031c7524affected
LinuxLinuxe532a096be0e5e570b383e71d4560e7f04384e0f < ccef5ee4adf56472aa26bdd1f821a6d0cd06089aaffected
LinuxLinuxe532a096be0e5e570b383e71d4560e7f04384e0f < ee2cd40b0bb46056949a2319084a729d95389386affected
LinuxLinuxe532a096be0e5e570b383e71d4560e7f04384e0f < a754ab53993b1585132e871c5d811167ad3c52ffaffected
LinuxLinuxe532a096be0e5e570b383e71d4560e7f04384e0f < ad1f8313aeec0115f9978bd2d002ef4a8d96c773affected
LinuxLinuxe532a096be0e5e570b383e71d4560e7f04384e0f < 4faff70959d51078f9ee8372f8cff0d7045e4114affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.190 <= 5.15.*unaffected
LinuxLinux6.1.149 <= 6.1.*unaffected
LinuxLinux6.6.103 <= 6.6.*unaffected
LinuxLinux6.12.43 <= 6.12.*unaffected
LinuxLinux6.15.11 <= 6.15.*unaffected
LinuxLinux6.16.2 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

References