[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-39905":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":29,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":38,"related":39,"reserved_at":9,"published_at":42,"modified_at":43,"state":44,"summary":45,"references_raw":53,"kevs":64,"epss":65,"epss_history":68,"metrics":334,"affected":342},"CVE-2025-39905","In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phylink: add lock for serializing concurrent pl->phydev writes with resolver\n\nCurrently phylink_resolve() protects itself against concurrent\nphylink_bringup_phy() or phylink_disconnect_phy() calls which modify\npl->phydev by relying on pl->state_mutex.\n\nThe problem is that in phylink_resolve(), pl->state_mutex is in a lock\ninversion state with pl->phydev->lock. So pl->phydev->lock needs to be\nacquired prior to pl->state_mutex. But that requires dereferencing\npl->phydev in the first place, and without pl->state_mutex, that is\nracy.\n\nHence the reason for the extra lock. Currently it is redundant, but it\nwill serve a functional purpose once mutex_lock(&phy->lock) will be\nmoved outside of the mutex_lock(&pl->state_mutex) section.\n\nAnother alternative considered would have been to let phylink_resolve()\nacquire the rtnl_mutex, which is also held when phylink_bringup_phy()\nand phylink_disconnect_phy() are called. But since phylink_disconnect_phy()\nruns under rtnl_lock(), it would deadlock with phylink_resolve() when\ncalling flush_work(&pl->resolve). Additionally, it would have been\nundesirable because it would have unnecessarily blocked many other call\npaths as well in the entire kernel, so the smaller-scoped lock was\npreferred.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-362","Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.","weakness","Draft","Class","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-26","Leveraging Race Conditions",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],[],[],[],[32,34,36],{"_key":33},"DEBIAN-CVE-2025-39905",{"_key":35},"RHSA-2026:0453",{"_key":37},"UBUNTU-CVE-2025-39905",[],[40],{"_key":41},"CGA-QM78-JRJ3-X853","2025-10-01T07:44:28.758Z","2026-05-11T21:38:40.520Z","Modified",{"cisa_kev":46,"cisa_ransomware":46,"cisa_vendor":9,"epss_severity":47,"epss_score":48,"severity":49,"severity_score":4,"severity_version":50,"severity_source":51,"severity_vector":52,"severity_status":44},false,"low",0.0001,"high","v3.1","cve.org","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",[54,60],{"url":55,"sources":56,"tags":58},"https://git.kernel.org/stable/c/56fe63b05ec84ae6674269d78397cec43a7a295a",[51,57],"nvd",[59],"Patch",{"url":61,"sources":62,"tags":63},"https://git.kernel.org/stable/c/0ba5b2f2c381dbec9ed9e4ab3ae5d3e667de0dc3",[51,57],[59],[],{"date":66,"score":48,"percentile":67},"2026-06-04",0.01209,[69,73,76,79,82,85,88,91,93,96,99,102,105,108,111,114,117,120,123,126,129,132,135,138,141,144,147,150,153,156,159,162,165,168,171,175,178,181,184,187,191,195,198,201,204,207,210,213,217,220,222,225,228,231,235,237,240,243,246,249,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,299,301,304,307,309,311,313,315,318,321,323,326,328,331],{"date":70,"score":71,"percentile":72},"2025-11-04",0.00026,0.05944,{"date":74,"score":71,"percentile":75},"2025-11-05",0.05963,{"date":77,"score":71,"percentile":78},"2025-11-06",0.0608,{"date":80,"score":71,"percentile":81},"2025-11-07",0.06088,{"date":83,"score":71,"percentile":84},"2025-11-08",0.06095,{"date":86,"score":71,"percentile":87},"2025-11-09",0.06089,{"date":89,"score":71,"percentile":90},"2025-11-10",0.06065,{"date":92,"score":71,"percentile":87},"2025-11-11",{"date":94,"score":71,"percentile":95},"2025-11-12",0.06134,{"date":97,"score":71,"percentile":98},"2025-11-13",0.06168,{"date":100,"score":71,"percentile":101},"2025-11-14",0.06196,{"date":103,"score":71,"percentile":104},"2025-11-15",0.06229,{"date":106,"score":71,"percentile":107},"2025-11-16",0.06249,{"date":109,"score":71,"percentile":110},"2025-11-17",0.06239,{"date":112,"score":71,"percentile":113},"2025-11-18",0.0373,{"date":115,"score":71,"percentile":116},"2025-11-19",0.03783,{"date":118,"score":71,"percentile":119},"2025-11-20",0.0385,{"date":121,"score":71,"percentile":122},"2025-11-21",0.06359,{"date":124,"score":71,"percentile":125},"2025-11-22",0.06311,{"date":127,"score":71,"percentile":128},"2025-11-23",0.06289,{"date":130,"score":71,"percentile":131},"2025-11-24",0.06264,{"date":133,"score":71,"percentile":134},"2025-11-25",0.06253,{"date":136,"score":71,"percentile":137},"2025-11-26",0.06272,{"date":139,"score":71,"percentile":140},"2025-11-27",0.06284,{"date":142,"score":71,"percentile":143},"2025-11-28",0.06261,{"date":145,"score":71,"percentile":146},"2025-11-29",0.06306,{"date":148,"score":71,"percentile":149},"2025-11-30",0.063,{"date":151,"score":71,"percentile":152},"2025-12-01",0.06365,{"date":154,"score":71,"percentile":155},"2025-12-02",0.06379,{"date":157,"score":71,"percentile":158},"2025-12-03",0.06391,{"date":160,"score":71,"percentile":161},"2025-12-04",0.06361,{"date":163,"score":71,"percentile":164},"2025-12-05",0.06412,{"date":166,"score":71,"percentile":167},"2025-12-06",0.0642,{"date":169,"score":71,"percentile":170},"2025-12-07",0.06426,{"date":172,"score":173,"percentile":174},"2025-12-08",0.00027,0.0687,{"date":176,"score":173,"percentile":177},"2025-12-09",0.06922,{"date":179,"score":173,"percentile":180},"2025-12-10",0.06994,{"date":182,"score":173,"percentile":183},"2025-12-11",0.07015,{"date":185,"score":173,"percentile":186},"2025-12-12",0.07016,{"date":188,"score":189,"percentile":190},"2025-12-13",0.00019,0.04331,{"date":192,"score":193,"percentile":194},"2025-12-14",0.00018,0.0364,{"date":196,"score":193,"percentile":197},"2025-12-15",0.03622,{"date":199,"score":193,"percentile":200},"2025-12-16",0.03639,{"date":202,"score":193,"percentile":203},"2025-12-17",0.03662,{"date":205,"score":193,"percentile":206},"2025-12-18",0.0368,{"date":208,"score":193,"percentile":209},"2025-12-19",0.03664,{"date":211,"score":193,"percentile":212},"2025-12-20",0.03661,{"date":214,"score":215,"percentile":216},"2025-12-21",0.00014,0.01953,{"date":218,"score":215,"percentile":219},"2025-12-22",0.01952,{"date":221,"score":215,"percentile":219},"2025-12-23",{"date":223,"score":215,"percentile":224},"2025-12-24",0.01959,{"date":226,"score":215,"percentile":227},"2025-12-25",0.01965,{"date":229,"score":215,"percentile":230},"2025-12-26",0.01966,{"date":232,"score":233,"percentile":234},"2025-12-27",0.00015,0.02341,{"date":236,"score":215,"percentile":227},"2025-12-28",{"date":238,"score":215,"percentile":239},"2025-12-29",0.01956,{"date":241,"score":215,"percentile":242},"2025-12-30",0.0195,{"date":244,"score":215,"percentile":245},"2025-12-31",0.01947,{"date":247,"score":215,"percentile":248},"2026-01-01",0.01974,{"date":250,"score":215,"percentile":230},"2026-01-02",{"date":252,"score":215,"percentile":253},"2026-01-03",0.01973,{"date":255,"score":215,"percentile":256},"2026-01-04",0.01933,{"date":258,"score":215,"percentile":259},"2026-01-05",0.01936,{"date":261,"score":215,"percentile":262},"2026-01-06",0.01931,{"date":264,"score":215,"percentile":265},"2026-01-07",0.01946,{"date":267,"score":215,"percentile":268},"2026-01-08",0.01963,{"date":270,"score":215,"percentile":271},"2026-01-09",0.01982,{"date":273,"score":215,"percentile":274},"2026-01-10",0.01996,{"date":276,"score":215,"percentile":277},"2026-01-11",0.01984,{"date":279,"score":215,"percentile":280},"2026-01-12",0.01988,{"date":282,"score":215,"percentile":283},"2026-01-13",0.01978,{"date":285,"score":215,"percentile":286},"2026-01-14",0.01986,{"date":288,"score":215,"percentile":289},"2026-01-15",0.01979,{"date":291,"score":215,"percentile":292},"2026-01-16",0.01981,{"date":294,"score":215,"percentile":295},"2026-01-17",0.01983,{"date":297,"score":215,"percentile":298},"2026-01-18",0.01994,{"date":300,"score":215,"percentile":277},"2026-01-19",{"date":302,"score":215,"percentile":303},"2026-01-20",0.01971,{"date":305,"score":215,"percentile":306},"2026-01-21",0.01969,{"date":308,"score":215,"percentile":268},"2026-01-22",{"date":310,"score":215,"percentile":303},"2026-01-23",{"date":312,"score":215,"percentile":292},"2026-01-24",{"date":314,"score":215,"percentile":248},"2026-01-25",{"date":316,"score":215,"percentile":317},"2026-01-26",0.01972,{"date":319,"score":215,"percentile":320},"2026-01-27",0.01968,{"date":322,"score":215,"percentile":303},"2026-01-28",{"date":324,"score":215,"percentile":325},"2026-01-29",0.01989,{"date":327,"score":215,"percentile":325},"2026-01-30",{"date":329,"score":193,"percentile":330},"2026-01-31",0.03708,{"date":332,"score":193,"percentile":333},"2026-02-01",0.03802,[335,340],{"source":51,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":336,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":337,"vectorString":52,"impactScore":338,"exploitabilityScore":339},"HIGH",9.8,2.6,{"source":57,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":341,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":337,"vectorString":52,"impactScore":338,"exploitabilityScore":339},[343,360],{"ecosystem":9,"name":344,"vendor":345,"product":345,"cpe_part":346,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":347},"Linux","linux","a",[348,355,358],{"version":349,"is_range":350,"range_type":51,"version_start":351,"version_start_type":352,"version_end":353,"version_end_type":354,"fixed_in":9},">= 5fd0f1a02e750e2db4038dee60edea669ce5aab1, \u003C 56fe63b05ec84ae6674269d78397cec43a7a295a",true,"5fd0f1a02e750e2db4038dee60edea669ce5aab1","including","56fe63b05ec84ae6674269d78397cec43a7a295a","excluding",{"version":356,"is_range":350,"range_type":51,"version_start":351,"version_start_type":352,"version_end":357,"version_end_type":354,"fixed_in":9},">= 5fd0f1a02e750e2db4038dee60edea669ce5aab1, \u003C 0ba5b2f2c381dbec9ed9e4ab3ae5d3e667de0dc3","0ba5b2f2c381dbec9ed9e4ab3ae5d3e667de0dc3",{"version":359,"is_range":46,"range_type":51,"version_start":359,"version_start_type":352,"version_end":359,"version_end_type":352,"fixed_in":9},"6.14",{"ecosystem":9,"name":361,"vendor":345,"product":362,"cpe_part":363,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":364},"linux kernel","linux_kernel","o",[365,369,371,373,375,377],{"version":366,"is_range":350,"range_type":367,"version_start":9,"version_start_type":9,"version_end":368,"version_end_type":354,"fixed_in":9},"lt6.16.8","cpe","6.16.8",{"version":370,"is_range":46,"range_type":367,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.17:rc1",{"version":372,"is_range":46,"range_type":367,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.17:rc2",{"version":374,"is_range":46,"range_type":367,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.17:rc3",{"version":376,"is_range":46,"range_type":367,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.17:rc4",{"version":378,"is_range":46,"range_type":367,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.17:rc5"]