net/mdiobus: Fix potential out-of-bounds read/write access

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2025-38111
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2025-07-03 09:15:24 UTC
Updated2026-05-12 13:16:43 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of parameters passed to the ioctl and it accepts any mdio address. Currently there is support for 32 addresses in kernel via PHY_MAX_ADDR define, but it is possible to pass higher value than that via ioctl. While read/write operation should generally fail in this case, mdiobus provides stats array, where wrong address may allow out-of-bounds read/write. Fix that by adding address verification before read/write operation. While this excludes this access from any statistics, it improves security of read/write operation.

Risk And Classification

Primary CVSS: v3.1 7.1 HIGH from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Problem Types: CWE-125

CVSS v3.1 Breakdown

Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Linux Linux Kernel All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 080bb352fad00d04995102f681b134e3754bfb6e 19c5875e26c4ed5686d82a7d8f7051385461b9eb git Not specified
CNA Linux Linux affected 080bb352fad00d04995102f681b134e3754bfb6e 014ad9210373d2104f6ef10e6bb999a7a0a4c50e git Not specified
CNA Linux Linux affected 080bb352fad00d04995102f681b134e3754bfb6e 73d478234a619f3476028cb02dee699c30ae8262 git Not specified
CNA Linux Linux affected 080bb352fad00d04995102f681b134e3754bfb6e bab6bca0834cbb5be2a7cfe59ec6ad016ec72608 git Not specified
CNA Linux Linux affected 080bb352fad00d04995102f681b134e3754bfb6e b02d9d2732483e670bc34cb233d28e1d43b15da4 git Not specified
CNA Linux Linux affected 080bb352fad00d04995102f681b134e3754bfb6e 049af7ac45a6b407748ee0995278fd861e36df8f git Not specified
CNA Linux Linux affected 080bb352fad00d04995102f681b134e3754bfb6e 0e629694126ca388916f059453a1c36adde219c4 git Not specified
CNA Linux Linux affected 5.6 Not specified
CNA Linux Linux unaffected 5.6 semver Not specified
CNA Linux Linux unaffected 5.10.239 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.186 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.142 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.94 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.34 6.12.* semver Not specified
CNA Linux Linux unaffected 6.15.3 6.15.* semver Not specified
CNA Linux Linux unaffected 6.16 * original_commit_for_fix Not specified
ADP Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP affected V3.1.5 * custom Not specified
ADP Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP affected V3.1.5 * custom Not specified
ADP Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP affected V3.1.5 * custom Not specified
ADP Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP affected V3.1.5 * custom Not specified
ADP Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP affected V3.1.5 * custom Not specified

References

ReferenceSourceLinkTags
lists.debian.org/debian-lts-announce/2025/10/msg00008.html af854a3a-2127-422b-91ae-364da2661108 lists.debian.org Mailing List, Third Party Advisory
git.kernel.org/stable/c/b02d9d2732483e670bc34cb233d28e1d43b15da4 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
cert-portal.siemens.com/productcert/html/ssa-082556.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com
git.kernel.org/stable/c/73d478234a619f3476028cb02dee699c30ae8262 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/049af7ac45a6b407748ee0995278fd861e36df8f 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/19c5875e26c4ed5686d82a7d8f7051385461b9eb 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/0e629694126ca388916f059453a1c36adde219c4 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/014ad9210373d2104f6ef10e6bb999a7a0a4c50e 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/bab6bca0834cbb5be2a7cfe59ec6ad016ec72608 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
lists.debian.org/debian-lts-announce/2025/10/msg00007.html af854a3a-2127-422b-91ae-364da2661108 lists.debian.org Mailing List, Third Party Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report