CVE-2025-39905
Description
In the Linux kernel, the following vulnerability has been resolved:

net: phylink: add lock for serializing concurrent pl->phydev writes with resolver

Currently phylink_resolve() protects itself against concurrent phylink_bringup_phy() or phylink_disconnect_phy() calls which modify pl->phydev by relying on pl->state_mutex.

The problem is that in phylink_resolve(), pl->state_mutex is in a lock inversion state with pl->phydev->lock. So pl->phydev->lock needs to be acquired prior to pl->state_mutex. But that requires dereferencing pl->phydev in the first place, and without pl->state_mutex, that is racy.

Hence the reason for the extra lock. Currently it is redundant, but it will serve a functional purpose once mutex_lock(&phy->lock) will be moved outside of the mutex_lock(&pl->state_mutex) section.

Another alternative considered would have been to let phylink_resolve() acquire the rtnl_mutex, which is also held when phylink_bringup_phy() and phylink_disconnect_phy() are called. But since phylink_disconnect_phy() runs under rtnl_lock(), it would deadlock with phylink_resolve() when calling flush_work(&pl->resolve). Additionally, it would have been undesirable because it would have unnecessarily blocked many other call paths as well in the entire kernel, so the smaller-scoped lock was preferred.
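The lock ordering the description argues for, modelled in user space with pthreads. This is an added example, not the kernel patch or phylink code; `struct link`, `struct phy`, `phydev_mutex`, `link_set_phy()` and `link_resolve()` are hypothetical names chosen for illustration.

```c
/* User-space pthreads model of the lock order above; not kernel code, all names hypothetical. */
#include <pthread.h>
#include <stdio.h>

struct phy { pthread_mutex_t lock; int link_up; };
struct link {
    pthread_mutex_t phydev_mutex; /* extra lock: serializes ->phydev writes */
    pthread_mutex_t state_mutex;  /* protects the resolved state */
    struct phy *phydev;
    int resolved_up;
};

/* Attach (phy != NULL) or detach (NULL): pointer changes only under phydev_mutex. */
static void link_set_phy(struct link *pl, struct phy *phy)
{
    pthread_mutex_lock(&pl->phydev_mutex);
    pthread_mutex_lock(&pl->state_mutex);
    pl->phydev = phy;
    pthread_mutex_unlock(&pl->state_mutex);
    pthread_mutex_unlock(&pl->phydev_mutex);
}

/* Resolver order: phydev_mutex -> phy->lock -> state_mutex. */
static int link_resolve(struct link *pl)
{
    struct phy *phy;
    int up;
    pthread_mutex_lock(&pl->phydev_mutex);
    phy = pl->phydev;                    /* stable: writers are excluded */
    if (phy)
        pthread_mutex_lock(&phy->lock);  /* safe to dereference and lock */
    pthread_mutex_lock(&pl->state_mutex);
    up = pl->resolved_up = phy ? phy->link_up : 0;
    pthread_mutex_unlock(&pl->state_mutex);
    if (phy)
        pthread_mutex_unlock(&phy->lock);
    pthread_mutex_unlock(&pl->phydev_mutex);
    return up;
}

int main(void)
{
    struct phy p = { PTHREAD_MUTEX_INITIALIZER, 1 };
    struct link pl = { PTHREAD_MUTEX_INITIALIZER, PTHREAD_MUTEX_INITIALIZER, NULL, 0 };
    link_set_phy(&pl, &p);
    printf("attached: %d\n", link_resolve(&pl));
    link_set_phy(&pl, NULL);
    printf("detached: %d\n", link_resolve(&pl));
}
```

Because the pointer is read only while the outer mutex is held, the resolver can take the PHY's own lock before the state mutex without racing against attach or detach.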
Risk Information
Associated Vulnerability
No records found
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234