CVE-2025-71094

The ASIX driver reads the PHY address from the USB device via asixreadphyaddr(). A malicious or faulty device can return an invalid address (>= PHYMAXADDR), which causes a warning in mdiobusget_phy():

addr 207 out of range WARNING: drivers/net/phy/mdio_bus.c:76

Validate the PHY address in asixreadphy_addr() and remove the now-redundant check in ax88172a.c.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71094.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

7e88b11a862afe59ee0c365123ea5fb96a26cb3b

Fixed

fc96018f09f8d30586ca6582c5045a84eafef146

Fixed

f5f4f30f3811d37e1aa48667c36add74e5a8d99f

Fixed

38722e69ee64dbb020028c93898d25d6f4c0e0b2

Fixed

98a12c2547a44a5f03f35c108d2022cc652cbc4d

Fixed

bf8a0f3b787ca7c5889bfca12c60c483041fbee3

Fixed

a1e077a3f76eea0dc671ed6792e7d543946227e8

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

4e4f3cb41d687bd64cd03358862b23c84d82329e

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71094.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.14.0

Fixed

5.15.198

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.160

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.120

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.64

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71094.json"