Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asix_read_phy_addr(). A malicious or faulty device can return an invalid address (>= PHY_MAX_ADDR), which causes a warning in mdiobus_get_phy(): addr 207 out of range WARNING: drivers/net/phy/mdio_bus.c:76 Validate the PHY address in asix_read_phy_addr() and remove the now-redundant check in ax88172a.c.

INFO

Published Date :

2026-01-13T15:34:54.669Z

Last Modified :

2026-01-19T12:19:55.502Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-71094 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-71094.

URL Resource
https://git.kernel.org/stable/c/38722e69ee64dbb020028c93898d25d6f4c0e0b2 cve-icon cve-icon
https://git.kernel.org/stable/c/98a12c2547a44a5f03f35c108d2022cc652cbc4d cve-icon cve-icon
https://git.kernel.org/stable/c/a1e077a3f76eea0dc671ed6792e7d543946227e8 cve-icon cve-icon
https://git.kernel.org/stable/c/bf8a0f3b787ca7c5889bfca12c60c483041fbee3 cve-icon cve-icon
https://git.kernel.org/stable/c/f5f4f30f3811d37e1aa48667c36add74e5a8d99f cve-icon cve-icon
https://git.kernel.org/stable/c/fc96018f09f8d30586ca6582c5045a84eafef146 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026011343-CVE-2025-71094-087b@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-71094 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-71094 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact