CVE-2025-38537

In the Linux kernel, the following vulnerability has been resolved:

net: phy: Don't register LEDs for genphy

If a PHY has no driver, the genphy driver is probed/removed directly in phyattach/detach. If the PHY's ofnode has an "leds" subnode, then the LEDs will be (un)registered when probing/removing the genphy driver. This could occur if the leds are for a non-generic driver that isn't loaded for whatever reason. Synchronously removing the PHY device in phydetach leads to the following deadlock:

rtnllock() ndoclose() ... phydetach() phyremove() phyledsunregister() ledclassdevunregister() ledtriggerset() netdevtriggerdeactivate() unregisternetdevicenotifier() rtnl_lock()

There is a corresponding deadlock on the open/register side of things (and that one is reported by lockdep), but it requires a race while this one is deterministic.

Generic PHYs do not support LEDs anyway, so don't bother registering them.