CVE-2025-38736

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 bits (0-31). Without this mask, invalid PHY addresses could be used, potentially causing issues with MDIO bus operations. Fix this by masking the PHY address with 0x1f (31 decimal) to ensure it stays within the valid range.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/22042ffedd8c2c6db08ccdd6d4273068eddd3c5c	Patch
https://git.kernel.org/stable/c/24ef2f53c07f273bad99173e27ee88d44d135b1c	Patch
https://git.kernel.org/stable/c/523eab02fce458fa6d3c51de5bb055800986953e	Patch
https://git.kernel.org/stable/c/748da80831221ae24b4bc8d7ffb22acd5712a341	Patch
https://git.kernel.org/stable/c/8f141f2a4f2ef8ca865d5921574c3d6535e00a49	Patch
https://git.kernel.org/stable/c/fcb4ce9f729c1d08e53abf9d449340e24c3edee6	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12.43:::::::*
	cpe:2.3:o:linux:linux_kernel:6.17:rc2::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-09-05 18:15

Updated : 2026-01-08 15:34

NVD link : CVE-2025-38736

Mitre link : CVE-2025-38736

CVE.ORG link : CVE-2025-38736

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2025-38736", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2025-09-05T18:15:42.953", "references": [{"url": "https://git.kernel.org/stable/c/22042ffedd8c2c6db08ccdd6d4273068eddd3c5c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/24ef2f53c07f273bad99173e27ee88d44d135b1c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/523eab02fce458fa6d3c51de5bb055800986953e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/748da80831221ae24b4bc8d7ffb22acd5712a341", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8f141f2a4f2ef8ca865d5921574c3d6535e00a49", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fcb4ce9f729c1d08e53abf9d449340e24c3edee6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix_devices: Fix PHY address mask in MDIO bus initialization\n\nSyzbot reported shift-out-of-bounds exception on MDIO bus initialization.\n\nThe PHY address should be masked to 5 bits (0-31). Without this\nmask, invalid PHY addresses could be used, potentially causing issues\nwith MDIO bus operations.\n\nFix this by masking the PHY address with 0x1f (31 decimal) to ensure\nit stays within the valid range."}], "lastModified": "2026-01-08T15:34:43.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53FE35DC-2528-48D7-A855-1127CA02EE4D", "versionEndExcluding": "6.16", "versionStartIncluding": "6.15.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19325E9F-3B58-4EA9-A233-197C47A023A9", "versionEndExcluding": "6.16.4", "versionStartIncluding": "6.16.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12.43:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95EF7A26-9E96-4B0D-8835-42C540D6E011"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C730CD9A-D969-4A8E-9522-162AAF7C0EE9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}