7.1

CVE-2025-38736

net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization

In the Linux kernel, the following vulnerability has been resolved:

net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization

Syzbot reported shift-out-of-bounds exception on MDIO bus initialization.

The PHY address should be masked to 5 bits (0-31). Without this
mask, invalid PHY addresses could be used, potentially causing issues
with MDIO bus operations.

Fix this by masking the PHY address with 0x1f (31 decimal) to ensure
it stays within the valid range.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.15.11 < 6.16
LinuxLinux Kernel Version >= 6.16.2 < 6.16.4
LinuxLinux Kernel Version6.12.43
LinuxLinux Kernel Version6.17 Updaterc2
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.045
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/fcb4ce9f729c1d08e53abf9d449340e24c3edee6
Patch
https://git.kernel.org/stable/c/8f141f2a4f2ef8ca865d5921574c3d6535e00a49
Patch
https://git.kernel.org/stable/c/748da80831221ae24b4bc8d7ffb22acd5712a341
Patch
https://git.kernel.org/stable/c/22042ffedd8c2c6db08ccdd6d4273068eddd3c5c
Patch
https://git.kernel.org/stable/c/523eab02fce458fa6d3c51de5bb055800986953e
Patch
https://git.kernel.org/stable/c/24ef2f53c07f273bad99173e27ee88d44d135b1c
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-032379.html