Linux Kernel EEE Configuration Vulnerability in BCM63xx Switches

Vulnerability

A vulnerability in the Linux kernel's handling of Energy Efficient Ethernet (EEE) has been addressed. Internal switches on BCM63xx devices do not support EEE, yet they offer multiple RGMII ports for external PHY connections. If an external PHY is EEE-capable, the system may attempt to enable EEE for the MACs, leading to a system hang when accessing the non-existent EEE registers. The vulnerability has been fixed by verifying EEE support before configuration.

Impact

The vulnerability could cause a system hang by attempting to access non-existent EEE registers, disrupting normal operation.

Added: Jul 10, 2025, 10:03 AM

Updated: Jul 10, 2025, 10:03 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel EEE Configuration Vulnerability in BCM63xx Switches

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating