CVE-2025-38736
HIGHLinux Kernel - Out-of-bounds Read in MDIO Bus Initialization
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 bits (0-31). Without this mask, invalid PHY addresses could be used, potentially causing issues with MDIO bus operations. Fix this by masking the PHY address with 0x1f (31 decimal) to ensure it stays within the valid range.
References (8)
Core 8
Core References
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-032379.html
Scores
CVSS v3
7.1
EPSS
0.0015
EPSS Percentile
4.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (16)
debian/debian_linux
11.0
linux/Kernel
6.12.43 - 6.12.44linux
linux/Kernel
6.16.2 - 6.16.4linux
Linux/Linux
4faff70959d51078f9ee8372f8cff0d7045e4114 - 24ef2f53c07f273bad99173e27ee88d44d135b1c
Linux/Linux
59ed6fbdb1bc03316e09493ffde7066f031c7524 - 8f141f2a4f2ef8ca865d5921574c3d6535e00a49
Linux/Linux
6.12.43 - 6.12.44
Linux/Linux
6.15.11 - 6.16
Linux/Linux
6.16.2 - 6.16.4
Linux/Linux
75947d3200de98a9ded9ad8972e02f1a177097fe - fcb4ce9f729c1d08e53abf9d449340e24c3edee6
Linux/Linux
a754ab53993b1585132e871c5d811167ad3c52ff
... and 6 more
Published
Sep 05, 2025
Tracked Since
Feb 18, 2026