{"api_version":"1","generated_at":"2026-06-10T23:56:10+00:00","cve":"CVE-2025-38736","urls":{"html":"https://cve.report/CVE-2025-38736","api":"https://cve.report/api/cve/CVE-2025-38736.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-38736","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-38736"},"summary":{"title":"net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix_devices: Fix PHY address mask in MDIO bus initialization\n\nSyzbot reported shift-out-of-bounds exception on MDIO bus initialization.\n\nThe PHY address should be masked to 5 bits (0-31). Without this\nmask, invalid PHY addresses could be used, potentially causing issues\nwith MDIO bus operations.\n\nFix this by masking the PHY address with 0x1f (31 decimal) to ensure\nit stays within the valid range.","state":"PUBLISHED","assigner":"Linux","published_at":"2025-09-05 18:15:42","updated_at":"2026-05-12 13:17:03"},"problem_types":["CWE-125"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.1","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html","name":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/523eab02fce458fa6d3c51de5bb055800986953e","name":"https://git.kernel.org/stable/c/523eab02fce458fa6d3c51de5bb055800986953e","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/fcb4ce9f729c1d08e53abf9d449340e24c3edee6","name":"https://git.kernel.org/stable/c/fcb4ce9f729c1d08e53abf9d449340e24c3edee6","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/22042ffedd8c2c6db08ccdd6d4273068eddd3c5c","name":"https://git.kernel.org/stable/c/22042ffedd8c2c6db08ccdd6d4273068eddd3c5c","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/24ef2f53c07f273bad99173e27ee88d44d135b1c","name":"https://git.kernel.org/stable/c/24ef2f53c07f273bad99173e27ee88d44d135b1c","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/8f141f2a4f2ef8ca865d5921574c3d6535e00a49","name":"https://git.kernel.org/stable/c/8f141f2a4f2ef8ca865d5921574c3d6535e00a49","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/748da80831221ae24b4bc8d7ffb22acd5712a341","name":"https://git.kernel.org/stable/c/748da80831221ae24b4bc8d7ffb22acd5712a341","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-38736","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38736","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 75947d3200de98a9ded9ad8972e02f1a177097fe fcb4ce9f729c1d08e53abf9d449340e24c3edee6 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 59ed6fbdb1bc03316e09493ffde7066f031c7524 8f141f2a4f2ef8ca865d5921574c3d6535e00a49 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected ccef5ee4adf56472aa26bdd1f821a6d0cd06089a 748da80831221ae24b4bc8d7ffb22acd5712a341 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected ee2cd40b0bb46056949a2319084a729d95389386 22042ffedd8c2c6db08ccdd6d4273068eddd3c5c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected ad1f8313aeec0115f9978bd2d002ef4a8d96c773 523eab02fce458fa6d3c51de5bb055800986953e git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4faff70959d51078f9ee8372f8cff0d7045e4114 24ef2f53c07f273bad99173e27ee88d44d135b1c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a754ab53993b1585132e871c5d811167ad3c52ff git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.12.43 6.12.44 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.16.2 6.16.4 semver","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC CN 4100","version":"affected V5.0 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"38736","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-11-03T17:42:06.126Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}],"title":"CVE Program Container"},{"affected":[{"defaultStatus":"unknown","product":"SIMATIC CN 4100","vendor":"Siemens","versions":[{"lessThan":"V5.0","status":"affected","version":"0","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T12:06:02.819Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/net/usb/asix_devices.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"fcb4ce9f729c1d08e53abf9d449340e24c3edee6","status":"affected","version":"75947d3200de98a9ded9ad8972e02f1a177097fe","versionType":"git"},{"lessThan":"8f141f2a4f2ef8ca865d5921574c3d6535e00a49","status":"affected","version":"59ed6fbdb1bc03316e09493ffde7066f031c7524","versionType":"git"},{"lessThan":"748da80831221ae24b4bc8d7ffb22acd5712a341","status":"affected","version":"ccef5ee4adf56472aa26bdd1f821a6d0cd06089a","versionType":"git"},{"lessThan":"22042ffedd8c2c6db08ccdd6d4273068eddd3c5c","status":"affected","version":"ee2cd40b0bb46056949a2319084a729d95389386","versionType":"git"},{"lessThan":"523eab02fce458fa6d3c51de5bb055800986953e","status":"affected","version":"ad1f8313aeec0115f9978bd2d002ef4a8d96c773","versionType":"git"},{"lessThan":"24ef2f53c07f273bad99173e27ee88d44d135b1c","status":"affected","version":"4faff70959d51078f9ee8372f8cff0d7045e4114","versionType":"git"},{"status":"affected","version":"a754ab53993b1585132e871c5d811167ad3c52ff","versionType":"git"}]},{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/net/usb/asix_devices.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"6.12.44","status":"affected","version":"6.12.43","versionType":"semver"},{"lessThan":"6.16.4","status":"affected","version":"6.16.2","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.44","versionStartIncluding":"6.12.43","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.16.4","versionStartIncluding":"6.16.2","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15.11","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix_devices: Fix PHY address mask in MDIO bus initialization\n\nSyzbot reported shift-out-of-bounds exception on MDIO bus initialization.\n\nThe PHY address should be masked to 5 bits (0-31). Without this\nmask, invalid PHY addresses could be used, potentially causing issues\nwith MDIO bus operations.\n\nFix this by masking the PHY address with 0x1f (31 decimal) to ensure\nit stays within the valid range."}],"providerMetadata":{"dateUpdated":"2026-05-11T21:33:59.564Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/fcb4ce9f729c1d08e53abf9d449340e24c3edee6"},{"url":"https://git.kernel.org/stable/c/8f141f2a4f2ef8ca865d5921574c3d6535e00a49"},{"url":"https://git.kernel.org/stable/c/748da80831221ae24b4bc8d7ffb22acd5712a341"},{"url":"https://git.kernel.org/stable/c/22042ffedd8c2c6db08ccdd6d4273068eddd3c5c"},{"url":"https://git.kernel.org/stable/c/523eab02fce458fa6d3c51de5bb055800986953e"},{"url":"https://git.kernel.org/stable/c/24ef2f53c07f273bad99173e27ee88d44d135b1c"}],"title":"net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2025-38736","datePublished":"2025-09-05T17:20:36.546Z","dateReserved":"2025-04-16T04:51:24.034Z","dateUpdated":"2026-05-12T12:06:02.819Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-09-05 18:15:42","lastModifiedDate":"2026-05-12 13:17:03","problem_types":["CWE-125"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15.11","versionEndExcluding":"6.16","matchCriteriaId":"53FE35DC-2528-48D7-A855-1127CA02EE4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16.2","versionEndExcluding":"6.16.4","matchCriteriaId":"19325E9F-3B58-4EA9-A233-197C47A023A9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.12.43:*:*:*:*:*:*:*","matchCriteriaId":"95EF7A26-9E96-4B0D-8835-42C540D6E011"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:*","matchCriteriaId":"C730CD9A-D969-4A8E-9522-162AAF7C0EE9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"38736","Ordinal":"1","Title":"net: usb: asix_devices: Fix PHY address mask in MDIO bus initial","CVE":"CVE-2025-38736","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"38736","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix_devices: Fix PHY address mask in MDIO bus initialization\n\nSyzbot reported shift-out-of-bounds exception on MDIO bus initialization.\n\nThe PHY address should be masked to 5 bits (0-31). Without this\nmask, invalid PHY addresses could be used, potentially causing issues\nwith MDIO bus operations.\n\nFix this by masking the PHY address with 0x1f (31 decimal) to ensure\nit stays within the valid range.","Type":"Description","Title":"net: usb: asix_devices: Fix PHY address mask in MDIO bus initial"}]}}}