CVE-2025-39805
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-12-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: macb: fix unregister_netdev call order in macb_remove() When removing a macb device, the driver calls phy_exit() before unregister_netdev(). This leads to a WARN from kernfs: ------------[ cut here ]------------ kernfs: can not remove 'attached_dev', no directory WARNING: CPU: 1 PID: 27146 at fs/kernfs/dir.c:1683 Call trace: kernfs_remove_by_name_ns+0xd8/0xf0 sysfs_remove_link+0x24/0x58 phy_detach+0x5c/0x168 phy_disconnect+0x4c/0x70 phylink_disconnect_phy+0x6c/0xc0 [phylink] macb_close+0x6c/0x170 [macb] ... macb_remove+0x60/0x168 [macb] platform_remove+0x5c/0x80 ... The warning happens because the PHY is being exited while the netdev is still registered. The correct order is to unregister the netdev before shutting down the PHY and cleaning up the MDIO bus. Fix this by moving unregister_netdev() ahead of phy_exit() in macb_remove().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-12-06
Generated
2026-05-07
AI Q&A
2025-09-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-39805
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.18 (inc) to 6.12.45 (exc)
linux linux_kernel From 6.13 (inc) to 6.16.5 (exc)
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's macb network driver where the order of function calls during device removal is incorrect. Specifically, the driver calls phy_exit() before unregister_netdev(), which causes a warning in the kernel filesystem (kernfs) because the PHY is being shut down while the network device is still registered. The correct sequence is to unregister the network device first, then shut down the PHY and clean up the MDIO bus. The fix involves moving the unregister_netdev() call ahead of phy_exit() in the macb_remove() function.


How can this vulnerability impact me? :

This vulnerability can lead to kernel warnings and potentially unstable behavior during the removal of macb network devices. While it does not describe a direct security exploit, the improper shutdown sequence may cause system instability or unexpected errors related to device removal, which could affect system reliability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the kernel logs for warnings related to 'kernfs: can not remove 'attached_dev', no directory' and the specific call trace involving macb_remove and phy_exit. You can use the command 'dmesg | grep -i kernfs' or 'journalctl -k | grep -i kernfs' to check for these warnings in the kernel log.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to update the Linux kernel to a version where the macb driver has been fixed to call unregister_netdev() before phy_exit() in macb_remove(). Until then, avoid removing macb devices or monitor for the warning to prevent potential issues.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart