Home

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asix_read_phy_addr(). A malicious or faulty device can return an invalid address (>= PHY_MAX_ADDR), which causes a warning in mdiobus_get_phy(): addr 207 out of range WARNING: drivers/net/phy/mdio_bus.c:76 Validate the PHY address in asix_read_phy_addr() and remove the now-redundant check in ax88172a.c.

PUBLISHED Reserved 2026-01-13 | Published 2026-01-13 | Updated 2026-02-09 | Assigner Linux

Product status

Default status
unaffected

7e88b11a862afe59ee0c365123ea5fb96a26cb3b (git) before fc96018f09f8d30586ca6582c5045a84eafef146
affected

7e88b11a862afe59ee0c365123ea5fb96a26cb3b (git) before f5f4f30f3811d37e1aa48667c36add74e5a8d99f
affected

7e88b11a862afe59ee0c365123ea5fb96a26cb3b (git) before 38722e69ee64dbb020028c93898d25d6f4c0e0b2
affected

7e88b11a862afe59ee0c365123ea5fb96a26cb3b (git) before 98a12c2547a44a5f03f35c108d2022cc652cbc4d
affected

7e88b11a862afe59ee0c365123ea5fb96a26cb3b (git) before bf8a0f3b787ca7c5889bfca12c60c483041fbee3
affected

7e88b11a862afe59ee0c365123ea5fb96a26cb3b (git) before a1e077a3f76eea0dc671ed6792e7d543946227e8
affected

4e4f3cb41d687bd64cd03358862b23c84d82329e (git)
affected

Default status
affected

5.14
affected

Any version before 5.14
unaffected

5.15.198 (semver)
unaffected

6.1.160 (semver)
unaffected

6.6.120 (semver)
unaffected

6.12.64 (semver)
unaffected

6.18.4 (semver)
unaffected

6.19 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/fc96018f09f8d30586ca6582c5045a84eafef146

git.kernel.org/...c/f5f4f30f3811d37e1aa48667c36add74e5a8d99f

git.kernel.org/...c/38722e69ee64dbb020028c93898d25d6f4c0e0b2

git.kernel.org/...c/98a12c2547a44a5f03f35c108d2022cc652cbc4d

git.kernel.org/...c/bf8a0f3b787ca7c5889bfca12c60c483041fbee3

git.kernel.org/...c/a1e077a3f76eea0dc671ed6792e7d543946227e8

cve.org (CVE-2025-71094)

nvd.nist.gov (CVE-2025-71094)

Download JSON