CVE-2025-38272
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-11-20
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's network driver for BCM63xx internal switches. These switches do not support Energy Efficient Ethernet (EEE), but they have multiple RGMII ports where external PHYs might be connected. If an external PHY supports EEE, the system may try to enable EEE on the MACs, which leads to the system hanging because it attempts to access non-existent EEE registers on the switch. The fix involves checking if the switch actually supports EEE before trying to configure it.
How can this vulnerability impact me?
If this vulnerability is triggered, the system can hang or become unresponsive when it tries to enable EEE on BCM63xx switches that do not support it. This can lead to network downtime or system instability, affecting availability and potentially disrupting services relying on the affected hardware.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your Linux kernel is updated with the fix that checks if the BCM63xx switch actually supports Energy Efficient Ethernet (EEE) before attempting to enable it. Avoid enabling EEE on BCM63xx internal switches or connected PHYs that do not support EEE to prevent system hangs.