CVE-2025-38272

In the Linux kernel, the following vulnerability has been resolved: net: dsa: b53: do not enable EEE on bcm63xx BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are EEE capable, we may try to enable EEE for the MACs, which then hangs the system on access of the (non-existent) EEE registers. Fix this by checking if the switch actually supports EEE before attempting to configure it.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1237c2d4a8db79dfd4369bff6930b0e385ed7d5c	Patch
https://git.kernel.org/stable/c/2dbccf1eb8c04b84ee3afdb1d6b787db02e7befc	Patch
https://git.kernel.org/stable/c/3fbe3f4c57fda09f32e13fa05f53a0cc6f500619	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

20 Nov 2025, 16:56

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/1237c2d4a8db79dfd4369bff6930b0e385ed7d5c -~~	() https://git.kernel.org/stable/c/1237c2d4a8db79dfd4369bff6930b0e385ed7d5c - Patch
References	~~() https://git.kernel.org/stable/c/2dbccf1eb8c04b84ee3afdb1d6b787db02e7befc -~~	() https://git.kernel.org/stable/c/2dbccf1eb8c04b84ee3afdb1d6b787db02e7befc - Patch
References	~~() https://git.kernel.org/stable/c/3fbe3f4c57fda09f32e13fa05f53a0cc6f500619 -~~	() https://git.kernel.org/stable/c/3fbe3f4c57fda09f32e13fa05f53a0cc6f500619 - Patch
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CWE		NVD-CWE-noinfo

Information

Published : 2025-07-10 08:15

Updated : 2025-11-20 16:56

NVD link : CVE-2025-38272

Mitre link : CVE-2025-38272

CVE.ORG link : CVE-2025-38272

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-38272", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-07-10T08:15:25.423", "references": [{"url": "https://git.kernel.org/stable/c/1237c2d4a8db79dfd4369bff6930b0e385ed7d5c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2dbccf1eb8c04b84ee3afdb1d6b787db02e7befc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3fbe3f4c57fda09f32e13fa05f53a0cc6f500619", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: b53: no habilitar EEE en bcm63xx. Los conmutadores internos BCM63xx no admiten EEE, pero proporcionan m\u00faltiples puertos RGMII donde se pueden conectar PHY externos. Si uno de estos PHY admite EEE, podemos intentar habilitar EEE para las MAC, lo que bloquea el sistema al acceder a los registros EEE (inexistentes). Para solucionar esto, verifique si el conmutador admite EEE antes de configurarlo."}], "lastModified": "2025-11-20T16:56:06.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69EDAAD9-7AC6-4155-8D32-BBEB6F33FDFD", "versionEndExcluding": "6.12.46", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0541C761-BD5E-4C1A-8432-83B375D7EB92", "versionEndExcluding": "6.15.3", "versionStartIncluding": "6.13"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}