vulnerability

Debian: CVE-2025-38736: linux, linux-6.1 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:L/Au:S/C:C/I:N/A:C)	Sep 25, 2025	Sep 25, 2025	Jan 9, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:C)

Published

Sep 25, 2025

Added

Sep 25, 2025

Modified

Jan 9, 2026

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 bits (0-31). Without this mask, invalid PHY addresses could be used, potentially causing issues with MDIO bus operations. Fix this by masking the PHY address with 0x1f (31 decimal) to ensure it stays within the valid range.

Solutions

debian-upgrade-linuxdebian-upgrade-linux-6-1

References

CVE-2025-38736
https://attackerkb.com/topics/CVE-2025-38736
CWE-125
DEBIAN-DSA-6008-1
DEBIAN-DSA-6009-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today