github - ghsa-5gh2-95vw-62h6

ghsa-5gh2-95vw-62h6

Vulnerability from github

Published

2025-07-10 09:32

Modified

2025-07-10 09:32

Details

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: b53: do not enable EEE on bcm63xx

BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are EEE capable, we may try to enable EEE for the MACs, which then hangs the system on access of the (non-existent) EEE registers.

Fix this by checking if the switch actually supports EEE before attempting to configure it.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-38272"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T08:15:25Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it.",
  "id": "GHSA-5gh2-95vw-62h6",
  "modified": "2025-07-10T09:32:28Z",
  "published": "2025-07-10T09:32:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38272"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1237c2d4a8db79dfd4369bff6930b0e385ed7d5c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2dbccf1eb8c04b84ee3afdb1d6b787db02e7befc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-38272 (GCVE-0-2025-38272)

Vulnerability from cvelistv5

Published

2025-07-10 07:41

Modified

2025-07-28 04:16

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net: dsa: b53: do not enable EEE on bcm63xx BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are EEE capable, we may try to enable EEE for the MACs, which then hangs the system on access of the (non-existent) EEE registers. Fix this by checking if the switch actually supports EEE before attempting to configure it.

References

►

URL

Tags

	https://git.kernel.org/stable/c/2dbccf1eb8c04b84ee3afdb1d6b787db02e7befc
	https://git.kernel.org/stable/c/1237c2d4a8db79dfd4369bff6930b0e385ed7d5c

Impacted products

Vendor

Product

Version

►

Version: 22256b0afb12333571ad11799fa68fd27e4f4e80
Version: 22256b0afb12333571ad11799fa68fd27e4f4e80

Version: 4.15

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/b53/b53_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2dbccf1eb8c04b84ee3afdb1d6b787db02e7befc",
              "status": "affected",
              "version": "22256b0afb12333571ad11799fa68fd27e4f4e80",
              "versionType": "git"
            },
            {
              "lessThan": "1237c2d4a8db79dfd4369bff6930b0e385ed7d5c",
              "status": "affected",
              "version": "22256b0afb12333571ad11799fa68fd27e4f4e80",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/b53/b53_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.3",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:16:54.285Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2dbccf1eb8c04b84ee3afdb1d6b787db02e7befc"
        },
        {
          "url": "https://git.kernel.org/stable/c/1237c2d4a8db79dfd4369bff6930b0e385ed7d5c"
        }
      ],
      "title": "net: dsa: b53: do not enable EEE on bcm63xx",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38272",
    "datePublished": "2025-07-10T07:41:53.766Z",
    "dateReserved": "2025-04-16T04:51:23.998Z",
    "dateUpdated": "2025-07-28T04:16:54.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.