PT-2025-46595 · Linux+3 · Linux Kernel+3
Published 2025-10-05 · Updated 2026-05-07
CVE-2025-40120
| CVSS v2.0 | 4.3 Medium |
| Vector | AV:A/AC:H/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A flaw exists in the Linux kernel related to USB runtime power management (PM) and Real-Time Network Layer (RTNL) interactions with the AX88772* network adapter. The issue arises when runtime PM is enabled, potentially leading to deadlocks or problems with power management and Medium Dependent Interface (MDIO) operations. Specifically, the `ndo_open()` function, operating under RTNL, might trigger a resume operation (`usb_autopm_get_interface()`) while holding the USB PM lock. This resume path then invokes phylink/phylib and MDIO, which also require RTNL, creating a potential deadlock scenario. To address this, a usage reference is held to keep the device runtime-PM active during binding and released during unbinding, preventing runtime suspend regardless of system settings.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
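The lock-ordering problem from the Description, and the effect of holding a PM usage reference from bind to unbind, as a user-space C model added here. It is not kernel or driver code, and the struct and every `model_*` / `open_deadlocks` name is constructed for illustration:

```c
/* User-space model, constructed for illustration; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct model {
    bool rtnl_held;  /* RTNL is a non-recursive mutex */
    bool suspended;  /* device is runtime-suspended */
    int  pm_usage;   /* runtime-PM usage counter */
    bool deadlock;   /* RTNL was requested while already held */
};

/* Resume path: phylink/phylib and MDIO need RTNL. */
static void model_resume(struct model *m) {
    if (m->rtnl_held) {      /* a real task would block here forever */
        m->deadlock = true;
        return;
    }
    m->suspended = false;
}

/* Stands in for usb_autopm_get_interface(): take a usage reference
 * and resume the device if it is currently suspended. */
static void model_autopm_get(struct model *m) {
    m->pm_usage++;
    if (m->suspended)
        model_resume(m);
}

/* Runtime PM may suspend an idle device only when no reference is held. */
static void model_idle(struct model *m) {
    if (m->pm_usage == 0)
        m->suspended = true;
}

/* Returns true if opening the interface after an idle period deadlocks. */
bool open_deadlocks(bool hold_ref_at_bind) {
    struct model m = {0};
    if (hold_ref_at_bind)    /* the fix: reference held from bind to unbind */
        model_autopm_get(&m);
    model_idle(&m);          /* autosuspend window while the link is down */
    m.rtnl_held = true;      /* ndo_open() runs under RTNL */
    model_autopm_get(&m);    /* resume is triggered only if suspended */
    m.rtnl_held = false;
    return m.deadlock;
}

int main(void) {
    printf("no reference at bind:   deadlock=%d\n", open_deadlocks(false));
    printf("reference held at bind: deadlock=%d\n", open_deadlocks(true));
    return 0;
}
```

With the reference held, the usage counter never reaches zero, so the open path never enters the resume code that needs RTNL.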
Exploit
Time Of Check To Time Of Use
Weakness Enumeration
Related Identifiers
Affected Products
Ax88772
Linuxmint
Linux Kernel
Ubuntu