AZL-70654

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70654.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-70654

Upstream

CVE-2025-38272

Published

2025-07-10T08:15:25Z

Modified

2026-04-01T05:21:58.178576Z

Summary

CVE-2025-38272 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: b53: do not enable EEE on bcm63xx

BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are EEE capable, we may try to enable EEE for the MACs, which then hangs the system on access of the (non-existent) EEE registers.

Fix this by checking if the switch actually supports EEE before attempting to configure it.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38272

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70654.json"