AZL-67404

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67404.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-67404

Upstream

CVE-2025-39805

Published

2025-09-16T13:15:50Z

Modified

2026-04-01T05:21:12.104654Z

Summary

CVE-2025-39805 affecting package kernel for versions less than 6.6.119.3-1

Details

In the Linux kernel, the following vulnerability has been resolved:

net: macb: fix unregisternetdev call order in macbremove()

When removing a macb device, the driver calls phyexit() before unregisternetdev(). This leads to a WARN from kernfs:

------------[ cut here ]------------ kernfs: can not remove 'attacheddev', no directory WARNING: CPU: 1 PID: 27146 at fs/kernfs/dir.c:1683 Call trace: kernfsremovebynamens+0xd8/0xf0 sysfsremovelink+0x24/0x58 phydetach+0x5c/0x168 phydisconnect+0x4c/0x70 phylinkdisconnectphy+0x6c/0xc0 [phylink] macbclose+0x6c/0x170 [macb] ... macbremove+0x60/0x168 [macb] platformremove+0x5c/0x80 ...

The warning happens because the PHY is being exited while the netdev is still registered. The correct order is to unregister the netdev before shutting down the PHY and cleaning up the MDIO bus.

Fix this by moving unregisternetdev() ahead of phyexit() in macb_remove().

References

https://nvd.nist.gov/vuln/detail/CVE-2025-39805

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.119.3-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67404.json"