CVE-2025-38736
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 05/09/2025
Last modified: 08/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization

Syzbot reported shift-out-of-bounds exception on MDIO bus initialization.

The PHY address should be masked to 5 bits (0-31). Without this mask, invalid PHY addresses could be used, potentially causing issues with MDIO bus operations.

Fix this by masking the PHY address with 0x1f (31 decimal) to ensure it stays within the valid range.
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/22042ffedd8c2c6db08ccdd6d4273068eddd3c5c
- https://git.kernel.org/stable/c/24ef2f53c07f273bad99173e27ee88d44d135b1c
- https://git.kernel.org/stable/c/523eab02fce458fa6d3c51de5bb055800986953e
- https://git.kernel.org/stable/c/748da80831221ae24b4bc8d7ffb22acd5712a341
- https://git.kernel.org/stable/c/8f141f2a4f2ef8ca865d5921574c3d6535e00a49
- https://git.kernel.org/stable/c/fcb4ce9f729c1d08e53abf9d449340e24c3edee6