| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025111252-CVE-2025-40120-8b68@gregkh> Date: Wed, 12 Nov 2025 19:23:56 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40120: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM (autosuspend) for AX88772* in bind. usbnet enables runtime PM (autosuspend) by default, so disabling it via the usb_driver flag is ineffective. On AX88772B, autosuspend shows no measurable power saving with current driver (no link partner, admin up/down). The ~0.453 W -> ~0.248 W drop on v6.1 comes from phylib powering the PHY off on admin-down, not from USB autosuspend. The real hazard is that with runtime PM enabled, ndo_open() (under RTNL) may synchronously trigger autoresume (usb_autopm_get_interface()) into asix_resume() while the USB PM lock is held. Resume paths then invoke phylink/phylib and MDIO, which also expect RTNL, leading to possible deadlocks or PM lock vs MDIO wake issues. To avoid this, keep the device runtime-PM active by taking a usage reference in ax88772_bind() and dropping it in unbind(). A non-zero PM usage count blocks runtime suspend regardless of userspace policy (.../power/control - pm_runtime_allow/forbid), making this approach robust against sysfs overrides. Holding a runtime-PM usage ref does not affect system-wide suspend; system sleep/resume callbacks continue to run as before. The Linux kernel CVE team has assigned CVE-2025-40120 to this issue. Affected and fixed versions =========================== Issue introduced in 5.14 with commit 4a2c7217cd5a87e85ceb761e307b030fe6db4805 and fixed in 5.15.195 with commit 71a0ba7fdaf8d035426912a4ed7bf1738a81010c Issue introduced in 5.14 with commit 4a2c7217cd5a87e85ceb761e307b030fe6db4805 and fixed in 6.1.156 with commit 3e96cd27ff1a004d84908c1b6cc68ac60913874e Issue introduced in 5.14 with commit 4a2c7217cd5a87e85ceb761e307b030fe6db4805 and fixed in 6.6.112 with commit 724a9db84188f80ef60b1f21cc7b4e9c84e0cb64 Issue introduced in 5.14 with commit 4a2c7217cd5a87e85ceb761e307b030fe6db4805 and fixed in 6.12.53 with commit 1534517300e12f2930b6ff477b8820ff658afd11 Issue introduced in 5.14 with commit 4a2c7217cd5a87e85ceb761e307b030fe6db4805 and fixed in 6.17.3 with commit 9d8bcaf6fae1bd82bc27ec09a2694497e6f6c4b4 Issue introduced in 5.14 with commit 4a2c7217cd5a87e85ceb761e307b030fe6db4805 and fixed in 6.18-rc1 with commit 3d3c4cd5c62f24bb3cb4511b7a95df707635e00a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40120 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/usb/asix_devices.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/71a0ba7fdaf8d035426912a4ed7bf1738a81010c https://git.kernel.org/stable/c/3e96cd27ff1a004d84908c1b6cc68ac60913874e https://git.kernel.org/stable/c/724a9db84188f80ef60b1f21cc7b4e9c84e0cb64 https://git.kernel.org/stable/c/1534517300e12f2930b6ff477b8820ff658afd11 https://git.kernel.org/stable/c/9d8bcaf6fae1bd82bc27ec09a2694497e6f6c4b4 https://git.kernel.org/stable/c/3d3c4cd5c62f24bb3cb4511b7a95df707635e00a
Powered by blists - more mailing lists