{"id":"CVE-2025-38537","summary":"net: phy: Don't register LEDs for genphy","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Don't register LEDs for genphy\n\nIf a PHY has no driver, the genphy driver is probed/removed directly in\nphy_attach/detach. If the PHY's ofnode has an \"leds\" subnode, then the\nLEDs will be (un)registered when probing/removing the genphy driver.\nThis could occur if the leds are for a non-generic driver that isn't\nloaded for whatever reason. Synchronously removing the PHY device in\nphy_detach leads to the following deadlock:\n\nrtnl_lock()\nndo_close()\n    ...\n    phy_detach()\n        phy_remove()\n            phy_leds_unregister()\n                led_classdev_unregister()\n                    led_trigger_set()\n                        netdev_trigger_deactivate()\n                            unregister_netdevice_notifier()\n                                rtnl_lock()\n\nThere is a corresponding deadlock on the open/register side of things\n(and that one is reported by lockdep), but it requires a race while this\none is deterministic.\n\nGeneric PHYs do not support LEDs anyway, so don't bother registering\nthem.","modified":"2026-03-20T12:42:54.732371Z","published":"2025-08-16T11:12:29.432Z","related":["SUSE-SU-2025:03272-1","SUSE-SU-2025:03290-1","SUSE-SU-2025:03301-1","SUSE-SU-2025:03382-1","SUSE-SU-2025:03602-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20653-1","SUSE-SU-2025:20669-1","SUSE-SU-2025:20739-1","SUSE-SU-2025:20756-1","SUSE-SU-2026:20555-1","SUSE-SU-2026:20599-1","SUSE-SU-2026:20615-1","openSUSE-SU-2026:20287-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38537.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/75e1b2079ef0653a2f7aa69be515d86b7faf1908"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ec158d05eaa91b2809cab65f8068290e3c05ebdd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f0f2b992d8185a0366be951685e08643aae17d6d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fd6493533af9e5d73d0d42ff2a8ded978a701dc6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38537.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38537"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"01e5b728e9e43ae444e0369695a5f72209906464"},{"fixed":"ec158d05eaa91b2809cab65f8068290e3c05ebdd"},{"fixed":"fd6493533af9e5d73d0d42ff2a8ded978a701dc6"},{"fixed":"75e1b2079ef0653a2f7aa69be515d86b7faf1908"},{"fixed":"f0f2b992d8185a0366be951685e08643aae17d6d"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38537.json"}}],"schema_version":"1.7.5"}