Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 bits (0-31). Without this mask, invalid PHY addresses could be used, potentially causing issues with MDIO bus operations. Fix this by masking the PHY address with 0x1f (31 decimal) to ensure it stays within the valid range.

INFO

Published Date :

2025-09-05T17:20:36.546Z

Last Modified :

2025-11-03T17:42:06.126Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38736 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38736.

URL Resource
https://git.kernel.org/stable/c/22042ffedd8c2c6db08ccdd6d4273068eddd3c5c cve-icon cve-icon
https://git.kernel.org/stable/c/24ef2f53c07f273bad99173e27ee88d44d135b1c cve-icon cve-icon
https://git.kernel.org/stable/c/523eab02fce458fa6d3c51de5bb055800986953e cve-icon cve-icon
https://git.kernel.org/stable/c/748da80831221ae24b4bc8d7ffb22acd5712a341 cve-icon cve-icon
https://git.kernel.org/stable/c/8f141f2a4f2ef8ca865d5921574c3d6535e00a49 cve-icon cve-icon
https://git.kernel.org/stable/c/fcb4ce9f729c1d08e53abf9d449340e24c3edee6 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025090544-CVE-2025-38736-b74b@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38736 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38736 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact