CVE-2025-38736
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's USB network driver for ASIX devices. It involves the MDIO bus initialization where the PHY address was not properly masked to 5 bits (0-31). Without this masking, invalid PHY addresses could be used, which may cause errors or exceptions during MDIO bus operations. The fix ensures the PHY address is masked with 0x1f to keep it within the valid range.
How can this vulnerability impact me?
If exploited, this vulnerability could cause issues with MDIO bus operations, potentially leading to exceptions or errors in the network driver. This could result in network instability or failures on devices using the affected Linux kernel driver for ASIX USB network devices.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch, or update to a Linux kernel version that includes the fix for the PHY address mask in the MDIO bus initialization. This ensures the PHY address is properly masked to 5 bits (0-31), preventing invalid PHY addresses and related issues.