CVE-2025-38736
BaseFortify

Publication date: 2025-09-05

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization

Syzbot reported shift-out-of-bounds exception on MDIO bus initialization.

The PHY address should be masked to 5 bits (0-31). Without this mask, invalid PHY addresses could be used, potentially causing issues with MDIO bus operations.

Fix this by masking the PHY address with 0x1f (31 decimal) to ensure it stays within the valid range.
Meta Information
Published: 2025-09-05
Last Modified: 2025-11-03
Generated: 2026-06-16
AI Q&A: 2025-09-05
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: 6.1.153
CWE ID: CWE-UNKNOWN
Executive Summary

This vulnerability is in the Linux kernel's USB network driver for ASIX devices. It involves the MDIO bus initialization where the PHY address was not properly masked to 5 bits (0-31). Without this masking, invalid PHY addresses could be used, which may cause errors or exceptions during MDIO bus operations. The fix ensures the PHY address is masked with 0x1f to keep it within the valid range.

Impact Analysis

If exploited, this vulnerability could cause issues with MDIO bus operations, potentially leading to exceptions or errors in the network driver. This could result in network instability or failures on devices using the affected Linux kernel driver for ASIX USB network devices.

Mitigation Strategies

Apply the patch or update to the Linux kernel version that includes the fix for the PHY address mask in the MDIO bus initialization. This ensures the PHY address is properly masked to 5 bits (0-31), preventing invalid PHY addresses and related issues.
