Lukas Wunner

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a deadlock in the Linux kernel's r8169 driver, specifically with the `devm led classdev register()` function. This deadlock occurs when the module is removed, causing a RTNL-related deadlock. The problem arises because binding `devm led classdev register()` to the netdev is problematic. To fix this, the device-managed LED functions are avoided. It is noted that `led classdev unregister()` can be safely called for a LED even if registering it failed, as it detects this and is a no-op in such cases. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been identified, related to the handling of USB Ethernet adapters. The issue arises from a use-after-free error on disconnect, which was attempted to be fixed by a commit that reversed the order of unbind and unregister netdev operations. However, this fix introduced asymmetry in the binding and unbinding process, leading to unnecessary stopping of a PHY (Physical Layer) device. The correct fix involves reverting this commit to restore the original order of operations. **Recommendations** For the Linux kernel, revert the commit 2c9d6c2b871d to restore the original order of unbind and unregister netdev operations, allowing for the call to phy stop() to be unconditional in the ->stop() function.