CVE-2025-38272 in Linux
Summary
by MITRE • 07/10/2025
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: b53: do not enable EEE on bcm63xx
BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are EEE capable, we may try to enable EEE for the MACs, which then hangs the system on access of the (non-existent) EEE registers.
Fix this by checking if the switch actually supports EEE before attempting to configure it.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 12/07/2025
The vulnerability CVE-2025-38272 addresses a critical issue within the Linux kernel's networking subsystem specifically affecting the DSA (Distributed Switch Architecture) implementation for BCM63xx series switches. This flaw exists in the b53 switch driver which manages the Broadcom BCM63xx internal switch hardware commonly found in networking equipment and embedded systems. The vulnerability stems from an improper configuration check that fails to verify hardware capabilities before attempting to enable Energy Efficient Ethernet (EEE) functionality. The BCM63xx switch architecture presents a unique challenge because while the internal switch itself lacks EEE support, it provides multiple RGMII (Reduced Gigabit Media Independent Interface) ports that can accommodate external PHY (Physical layer) devices capable of EEE operations. This architectural mismatch creates a scenario where the kernel attempts to configure EEE on MAC (Media Access Control) interfaces that are connected to external PHYs, but the configuration process fails due to the absence of corresponding EEE registers in the internal switch hardware.
The technical implementation flaw occurs during the network interface initialization and configuration phase where the kernel's DSA subsystem attempts to enable EEE on all available MAC interfaces without proper hardware capability verification. When an external EEE-capable PHY is connected to one of the RGMII ports, the system erroneously assumes that the entire switch infrastructure supports EEE and proceeds to configure EEE parameters for the MAC interfaces. This misconfiguration triggers a system hang condition when the kernel attempts to access non-existent EEE registers within the BCM63xx switch hardware, effectively causing a complete system freeze or crash. The vulnerability represents a classic case of insufficient hardware abstraction and capability checking, where software assumes hardware capabilities without proper validation. This issue directly correlates to CWE-691, which addresses insufficient control of a resource through a potentially vulnerable control mechanism, and CWE-119, concerning insufficient protection of resources during access, as the system attempts to access memory locations that do not exist.
The operational impact of this vulnerability extends beyond simple system crashes to potentially affect network reliability and availability in embedded networking devices, routers, and network infrastructure equipment that utilize BCM63xx switches. Systems affected by this vulnerability may experience unexpected downtime, particularly during network configuration changes or when external EEE-capable devices are connected to the network. The hang condition can occur at any time during system operation, making it particularly challenging to diagnose and recover from, as it can happen during routine network operations or when attempting to enable energy efficiency features that are intended to improve power consumption. This vulnerability affects devices in the ATT&CK matrix under the T1490 category for Energy Efficiency, where adversaries might exploit such system instability to cause denial of service conditions. The vulnerability is particularly concerning for network infrastructure devices that are expected to maintain high availability and reliability, as any system hang can result in service disruption for connected network clients.
The fix implemented for CVE-2025-38272 addresses the core issue by adding proper hardware capability validation before attempting to configure EEE functionality. The solution involves modifying the b53 switch driver to explicitly check whether the switch hardware actually supports EEE capabilities before proceeding with EEE configuration operations. This validation ensures that EEE is only enabled on MAC interfaces that are connected to hardware that can properly support and implement EEE functionality. The mitigation strategy aligns with security best practices for hardware abstraction layers, ensuring that software components properly validate hardware capabilities before attempting to configure or interact with specific features. This approach prevents the system from attempting to access non-existent hardware registers and eliminates the system hang condition. The fix also demonstrates proper adherence to the principle of least privilege in hardware configuration, where software only attempts operations that are guaranteed to succeed based on hardware capabilities. The solution prevents the propagation of configuration errors from external PHY devices to the internal switch hardware, maintaining system stability while still allowing for proper EEE functionality when it is genuinely supported by the underlying hardware infrastructure.