CVE-2025-71196
- Source
- https://cve.org/CVERecord?id=CVE-2025-71196
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71196.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-71196
- Downstream
- Related
- Published
- 2026-02-04T16:04:17.141Z
- Modified
- 2026-03-24T08:59:23.992515Z
- Summary
- phy: stm32-usphyc: Fix off by one in probe()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
phy: stm32-usphyc: Fix off by one in probe()
The "index" variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys then it is one element out of bounds. The "index" comes from the device tree so it's data that we trust and it's unlikely to be wrong, however it's obviously still worth fixing the bug. Change the > to >=.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71196.json" }- References
-
- https://git.kernel.org/stable/c/76b870fdaad82171a24b8aacffe5e4d9e0d2ee2c
- https://git.kernel.org/stable/c/7c27eaf183563b86d815ff6e9cca0210b4cfa051
- https://git.kernel.org/stable/c/a9eec890879731c280697fdf1c50699e905b2fa7
- https://git.kernel.org/stable/c/b91c9f6bfb04e430adeeac7e7ebc9d80f9d72bad
- https://git.kernel.org/stable/c/c06f13876cbad702582cd67fc77356e5524d02cd
- https://git.kernel.org/stable/c/cabd25b57216ddc132efbcc31f972baa03aad15a
- https://git.kernel.org/stable/c/fb9d513cdf1614bf0f0e785816afb1faae3f81af
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71196.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-71196
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced94c358da3a0545205c6c6a50ae26141f1c73acfaFixeda9eec890879731c280697fdf1c50699e905b2fa7Fixedfb9d513cdf1614bf0f0e785816afb1faae3f81afFixedc06f13876cbad702582cd67fc77356e5524d02cdFixed76b870fdaad82171a24b8aacffe5e4d9e0d2ee2cFixedb91c9f6bfb04e430adeeac7e7ebc9d80f9d72badFixed7c27eaf183563b86d815ff6e9cca0210b4cfa051Fixedcabd25b57216ddc132efbcc31f972baa03aad15a
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.17.0Fixed5.10.249
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.199
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.162
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.122
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.67
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.7