CVE-2025-37989
📋 TL;DR
A memory leak vulnerability in the Linux kernel's PHY LED trigger code can cause out-of-memory conditions during network restarts. This affects Linux systems with network interfaces using PHY LED triggers, potentially leading to system instability or denial of service. The vulnerability stems from improper use of devm memory management APIs.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Repeated network restarts could exhaust system memory, causing kernel panic, system crashes, or complete denial of service.
Likely Case
Gradual memory consumption during network interface operations leading to performance degradation and potential service interruptions.
If Mitigated
Minimal impact with proper monitoring and memory limits, though eventual memory exhaustion remains possible with sufficient triggers.
🎯 Exploit Status
Exploitation requires ability to restart network interfaces, which typically requires local access or specific privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel commits: 41143e71052a00d654c15dc924fda50c1e7357d0, 618541a6cc1511064dfa58c89b3445e21844092f, 663c3da86e807c6c07ed48f911c7526fad6fe1ff, 7f3d5880800f962c347777c4f8358f29f5fc403c, 95bed65cc0eb2a610550abf849a8b94374da80a7
Vendor Advisory: https://git.kernel.org/stable/c/41143e71052a00d654c15dc924fda50c1e7357d0
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits.
2. Check your distribution's security advisories for backported patches.
3. Reboot the system after kernel update.
4. Verify the fix is applied by checking kernel version or examining the PHY LED trigger code.
🔧 Temporary Workarounds
Disable PHY LED triggers
Prevent the vulnerable code from being executed by disabling PHY LED triggers
for t in /sys/class/leds/*/trigger; do echo none > "$t"; done  # "none" detaches the trigger from each LED
modprobe -r libphy  # if possible
Disable LED triggers in kernel configuration if rebuilding
Limit network restart frequency
Reduce exposure by minimizing network interface restarts
Configure network services to minimize restarts
Implement rate limiting on network management operations
🧯 If You Can't Patch
- Implement memory monitoring and alerts for unusual consumption patterns
- Restrict network management capabilities to trusted users only
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if PHY LED triggers are enabled: lsmod | grep phy, check /sys/class/leds/*/trigger for phy* entries
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits: uname -r, check distribution security advisories for specific patch inclusion
📡 Detection & Monitoring
Log Indicators:
- Kernel OOM (Out of Memory) messages in dmesg
- Increasing memory usage in system logs during network operations
- PHY-related errors in kernel logs
Network Indicators:
- Unusual network interface restart patterns
- Increased system memory consumption correlated with network events
SIEM Query:
source="kernel" AND ("out of memory" OR "OOM" OR "slab" OR "kmem") AND ("phy" OR "led" OR "network")
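An added example, not part of the original advisory, of the memory-monitoring check suggested above: it reads SUnreclaim from /proc/meminfo snapshots taken after each network restart and flags steady growth. Tracking SUnreclaim, the snapshot values and both thresholds are assumptions made for illustration.

```python
import re

def sunreclaim_kb(meminfo: str) -> int:
    """Return the SUnreclaim value (kB) from /proc/meminfo text."""
    m = re.search(r"^SUnreclaim:\s+(\d+)\s+kB$", meminfo, re.MULTILINE)
    if m is None:
        raise ValueError("SUnreclaim not found in meminfo text")
    return int(m.group(1))

def slope_kb_per_restart(values):
    """Least-squares slope of slab usage against the restart index."""
    n = len(values)
    if n < 2:
        raise ValueError("need at least two samples")
    mean_x = (n - 1) / 2
    mean_y = sum(values) / n
    num = sum((i - mean_x) * (v - mean_y) for i, v in enumerate(values))
    den = sum((i - mean_x) ** 2 for i in range(n))
    return num / den

def leak_suspected(values, min_slope_kb=4.0, min_rising=0.8):
    """Flag steady growth: positive slope and most steps increasing.
    Both thresholds are assumed defaults; tune them per host."""
    rising = sum(b > a for a, b in zip(values, values[1:]))
    return (slope_kb_per_restart(values) >= min_slope_kb
            and rising / (len(values) - 1) >= min_rising)

def snapshot(kb):
    """Build a constructed /proc/meminfo excerpt (not real measurements)."""
    return (f"MemTotal:        2048000 kB\n"
            f"SReclaimable:      30000 kB\n"
            f"SUnreclaim:        {kb} kB\n")

# Constructed samples, one taken after each interface restart.
LEAKING = [snapshot(41000 + 12 * i) for i in range(10)]
STABLE = [snapshot(k) for k in (41000, 41020, 40990, 41010, 40995,
                                41005, 41000, 41015, 40985, 41000)]

if __name__ == "__main__":
    for name, snaps in (("leaking", LEAKING), ("stable", STABLE)):
        vals = [sunreclaim_kb(s) for s in snaps]
        print(name, round(slope_kb_per_restart(vals), 2), leak_suspected(vals))
```

On a live host, replace the constructed snapshots with the contents of /proc/meminfo read after each restart of the interface under observation.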
🔗 References
- https://git.kernel.org/stable/c/41143e71052a00d654c15dc924fda50c1e7357d0
- https://git.kernel.org/stable/c/618541a6cc1511064dfa58c89b3445e21844092f
- https://git.kernel.org/stable/c/663c3da86e807c6c07ed48f911c7526fad6fe1ff
- https://git.kernel.org/stable/c/7f3d5880800f962c347777c4f8358f29f5fc403c
- https://git.kernel.org/stable/c/95bed65cc0eb2a610550abf849a8b94374da80a7
- https://git.kernel.org/stable/c/966d6494e2ed9be9052fcd9815afba830896aaf8
- https://git.kernel.org/stable/c/b7f0ee992adf601aa00c252418266177eb7ac2bc
- https://git.kernel.org/stable/c/f41f097f68a33d392579885426d0734a81219501
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html