CVE-2025-38110

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mdiobus: Fix potential out-of-bounds clause 45 read/write access<br /> <br /> When using publicly available tools like &amp;#39;mdio-tools&amp;#39; to read/write data<br /> from/to network interface and its PHY via C45 (clause 45) mdiobus,<br /> there is no verification of parameters passed to the ioctl and<br /> it accepts any mdio address.<br /> Currently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,<br /> but it is possible to pass higher value than that via ioctl.<br /> While read/write operation should generally fail in this case,<br /> mdiobus provides stats array, where wrong address may allow out-of-bounds<br /> read/write.<br /> <br /> Fix that by adding address verification before C45 read/write operation.<br /> While this excludes this access from any statistics, it improves security of<br /> read/write operation.