CVE-2025-71196

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

04/02/2026

Last modified:

04/02/2026

Description

In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys then it is one element out of bounds. The "index" comes from the device tree so it&#39;s data that we trust and it&#39;s unlikely to be wrong, however it&#39;s obviously still worth fixing the bug. Change the > to >=.

Impact

References to Advisories, Solutions, and Tools

https://git.kernel.org/stable/c/76b870fdaad82171a24b8aacffe5e4d9e0d2ee2c
https://git.kernel.org/stable/c/7c27eaf183563b86d815ff6e9cca0210b4cfa051
https://git.kernel.org/stable/c/b91c9f6bfb04e430adeeac7e7ebc9d80f9d72bad
https://git.kernel.org/stable/c/cabd25b57216ddc132efbcc31f972baa03aad15a