CVE-2025-71094

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: usb: asix: validate PHY address before use<br /> <br /> The ASIX driver reads the PHY address from the USB device via<br /> asix_read_phy_addr(). A malicious or faulty device can return an<br /> invalid address (&gt;= PHY_MAX_ADDR), which causes a warning in<br /> mdiobus_get_phy():<br /> <br /> addr 207 out of range<br /> WARNING: drivers/net/phy/mdio_bus.c:76<br /> <br /> Validate the PHY address in asix_read_phy_addr() and remove the<br /> now-redundant check in ax88172a.c.