CVE-2025-38736

HIGH EPSS 4.5%
Published Sep 5, 20259mo ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published Sep 5, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 bits (0-31). Without this mask, invalid PHY addresses could be used, potentially causing issues with MDIO bus operations. Fix this by masking the PHY address with 0x1f (31 decimal) to ensure it stays within the valid range.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥6.15.11  –  <6.16
linuxlinux_kernel*≥6.16.2  –  <6.16.4
linuxlinux_kernel6.12.43any
linuxlinux_kernel6.17any
debiandebian_linux11.0any

References 8

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • git.kernel.org https://git.kernel.org/stable/c/22042ffedd8c2c6db08ccdd6d4273068eddd3c5c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/24ef2f53c07f273bad99173e27ee88d44d135b1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/523eab02fce458fa6d3c51de5bb055800986953e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/748da80831221ae24b4bc8d7ffb22acd5712a341
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8f141f2a4f2ef8ca865d5921574c3d6535e00a49
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fcb4ce9f729c1d08e53abf9d449340e24c3edee6
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/22042ffedd8c2c6db08ccdd6d4273068eddd3c5c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/24ef2f53c07f273bad99173e27ee88d44d135b1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/523eab02fce458fa6d3c51de5bb055800986953e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/748da80831221ae24b4bc8d7ffb22acd5712a341
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8f141f2a4f2ef8ca865d5921574c3d6535e00a49
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fcb4ce9f729c1d08e53abf9d449340e24c3edee6
    Patch