CVE-2025-39915

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a potential deadlock risk within the networking subsystem related to the handling of PHY device configuration. Specifically, a circular locking dependency exists between &pl->state mutex and &phy->lock during the phylink resolve() and phy config inband() functions. This occurs because phylink resolve() acquires &pl->state mutex, which then calls phylink major config(), which in turn acquires &phy->lock. This is inconsistent with the typical locking order where &phy->lock is acquired before &pl->state mutex. The issue could potentially lead to a deadlock if phylink resolve() is concurrent with phy link up() or phy link down(), which acquire &phydev->lock before &pl->state mutex. The problem was discovered using lockdep. The call graph involves functions such as phylink start(), phylink mac initial config(), phylink resolve(), phylink major config(), and phy config inband().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.