CVE-2025-40120 — Deadlock in Linux
Severity
7.8HIGHOSV
OSV5.5OSV3.2
No vectorEPSS
0.0%
top 87.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 12
Latest updateApr 13
Description
In the Linux kernel, the following vulnerability has been resolved:
net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock
Prevent USB runtime PM (autosuspend) for AX88772* in bind.
usbnet enables runtime PM (autosuspend) by default, so disabling it via
the usb_driver flag is ineffective. On AX88772B, autosuspend shows no
measurable power saving with current driver (no link partner, admin
up/down). The ~0.453 W -> ~0.248 W drop on v6.1 comes from phylib powering
the PHY off on adm…
Affected Packages6 packages
▶CVEListV5linux/linux4a2c7217cd5a87e85ceb761e307b030fe6db4805 — 71a0ba7fdaf8d035426912a4ed7bf1738a81010c+6