CVE-2025-37989: 
Linux Kernel vulnerability analysis and mitigation

A memory leak vulnerability (CVE-2025-37989) was discovered in the Linux kernel's PHY LED trigger code, disclosed on May 20, 2025. The vulnerability affects the network subsystem, specifically the PHY LED trigger code implementation. The issue was initially identified during a network restart test on a router that led to an out-of-memory condition (NVD, Wiz).

The vulnerability stems from misuse of the devm API in the PHY LED trigger code. The registration function (phyledtriggersregister) is called from phyattachdirect instead of phyprobe, while the unregister function (phyledtriggersunregister) is called from phydetach instead of phy_remove. This implementation allows the register and unregister functions to be called multiple times for the same PHY device, but devm-allocated memory is not freed until the driver is unbound. The issue is further complicated because the devm API internally stores the allocated pointer, preventing kmemleak from detecting the leak. According to Red Hat's assessment, this vulnerability has been assigned a CVSS v3.1 score of 5.5 (Moderate) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (RedHat).

The vulnerability can lead to memory leaks during network operations, potentially resulting in out-of-memory conditions on affected systems. This can impact system stability and performance, particularly in scenarios involving frequent network restarts or sustained network operations (NVD, Wiz).

The fix involves replacing devmkzalloc/devmkcalloc with standard kzalloc/kcalloc and adding corresponding kfree calls in the unregister path. This ensures proper memory management and prevents the accumulation of leaked memory (NVD).