CVE-2025-38537

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel contains a flaw where LEDs are registered for generic PHYs even when a driver is not present. This can lead to a deadlock during the registration or unregistration of LEDs, specifically when synchronously removing the PHY device in phy detach(). The deadlock occurs due to recursive locking of rtnl lock() within the phy detach() function and related LED unregistration processes. Generic PHYs do not support LEDs, so registering them is unnecessary.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-833

Related Identifiers

AZL-66408

BDU:2025-14969

CVE-2025-38537

OPENSUSE-SU-2026:20287-1

SUSE-SU-2025:03272-1

SUSE-SU-2025:03290-1

SUSE-SU-2025:03301-1

SUSE-SU-2025:03382-1

SUSE-SU-2025:03602-1

SUSE-SU-2025:03633-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20653-1

SUSE-SU-2025:20669-1

SUSE-SU-2025:20739-1

SUSE-SU-2025:20756-1

SUSE-SU-2025_03272-1

SUSE-SU-2025_03290-1

SUSE-SU-2025_03301-1

SUSE-SU-2025_03382-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

USN-7879-1

USN-7879-2

USN-7879-3

USN-7879-4

USN-7880-1

USN-7934-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2025-38537

Weakness Enumeration

Related Identifiers

Affected Products

References · 2732