CVE-2025-38736

EPSS 0.04%
Published 05.09.2025 17:20:36
Last modified 08.09.2025 16:25:38
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization

Syzbot reported shift-out-of-bounds exception on MDIO bus initialization.

The PHY address should be masked to 5 bits (0-31). Without this
mask, invalid PHY addresses could be used, potentially causing issues
with MDIO bus operations.

Fix this by masking the PHY address with 0x1f (31 decimal) to ensure
it stays within the valid range.

Affected products Warnungen 0 Metrics 1 CWE 0 References 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < fcb4ce9f729c1d08e53abf9d449340e24c3edee6

Version 75947d3200de98a9ded9ad8972e02f1a177097fe

Status affected

Version < 8f141f2a4f2ef8ca865d5921574c3d6535e00a49

Version 59ed6fbdb1bc03316e09493ffde7066f031c7524

Status affected

Version < 748da80831221ae24b4bc8d7ffb22acd5712a341

Version ccef5ee4adf56472aa26bdd1f821a6d0cd06089a

Status affected

Version < 22042ffedd8c2c6db08ccdd6d4273068eddd3c5c

Version ee2cd40b0bb46056949a2319084a729d95389386

Status affected

Version < 523eab02fce458fa6d3c51de5bb055800986953e

Version ad1f8313aeec0115f9978bd2d002ef4a8d96c773

Status affected

Version < 24ef2f53c07f273bad99173e27ee88d44d135b1c

Version 4faff70959d51078f9ee8372f8cff0d7045e4114

Status affected

Version a754ab53993b1585132e871c5d811167ad3c52ff

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.17-rc2

Status affected

Version < 6.17-rc2

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.44

Status unaffected

Version <= 6.16.*

Version 6.16.4

Status unaffected

Version <= *

Version 6.17-rc3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.092

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/fcb4ce9f729c1d08e53abf9d449340e24c3edee6

https://git.kernel.org/stable/c/8f141f2a4f2ef8ca865d5921574c3d6535e00a49

https://git.kernel.org/stable/c/748da80831221ae24b4bc8d7ffb22acd5712a341

https://git.kernel.org/stable/c/22042ffedd8c2c6db08ccdd6d4273068eddd3c5c

https://git.kernel.org/stable/c/523eab02fce458fa6d3c51de5bb055800986953e

https://git.kernel.org/stable/c/24ef2f53c07f273bad99173e27ee88d44d135b1c

https://nvd.nist.gov/vuln/detail/CVE-2025-38736

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38736

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38736

EUVD