CVE-2025-38725
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: add phy_mask for ax88772 mdio bus Without setting phy_mask for ax88772 mdio bus, current driver may create at most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f. DLink DUB-E100 H/W Ver B1 is such a device. However, only one main phy device will bind to net phy driver. This is creating issue during system suspend/resume since phy_polling_mode() in phy_state_machine() will directly deference member of phydev->drv for non-main phy devices. Then NULL pointer dereference issue will occur. Due to only external phy or internal phy is necessary, add phy_mask for ax88772 mdio bus to workarnoud the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-38725
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.1.153
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's USB driver for asix_devices, specifically the ax88772 mdio bus. Without setting a phy_mask, the driver may create up to 32 mdio phy devices, but only one main phy device binds correctly. During system suspend/resume, the driver attempts to access a driver member of non-main phy devices, which can be NULL, leading to a NULL pointer dereference and potential system crash. The fix involves adding a phy_mask to limit the devices and avoid this issue.

Impact Analysis

This vulnerability can cause system instability or crashes during suspend or resume operations on affected Linux systems using the ax88772 mdio bus driver. Specifically, a NULL pointer dereference can occur, potentially leading to kernel panics or system hangs, impacting system availability and reliability.

Mitigation Strategies

To mitigate this vulnerability, ensure that the Linux kernel version you are using includes the fix that adds phy_mask for the ax88772 mdio bus. This prevents the creation of multiple mdio phy devices and avoids the NULL pointer dereference issue during system suspend/resume. If possible, update your kernel to a version that contains this patch or apply the patch manually. Additionally, avoid using affected devices without the fix, such as the DLink DUB-E100 H/W Ver B1, until the kernel is updated.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38725. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart