CVE-2025-38110Out-of-bounds Read in Linux

CWE-125Out-of-bounds ReadCWE-1284Improper Validation of Specified Quantity in Input53 documents8 sources
Severity
7.1HIGHNVD
OSV3.2
EPSS
0.1%
top 79.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
LinuxLinux KernelDebian Linux+11 more
Timeline
PublishedJul 3
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via C45 (clause 45) mdiobus, there is no verification of parameters passed to the ioctl and it accepts any mdio address. Currently there is support for 32 addresses in kernel via PHY_MAX_ADDR define, but it is possible to pass higher value than that

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages16 packages

NVDlinux/linux_kernel6.36.6.94+3
Debianlinux/linux_kernel< 6.12.35-1+1
Ubuntulinux/linux_kernel< 6.8.0-100.100

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

26
VulDB
Linux Kernel up to 6.6.93/6.12.33/6.15.2/6.16-rc1 mdiobus out-of-bounds write (Nessus ID 242143 / WID-SEC-2025-1452)2026-04-17
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure-fips vulnerabilities2026-03-04
OSV
linux-azure vulnerabilities2026-03-04
OSV
linux-ibm, linux-ibm-6.8 vulnerabilities2026-02-24

📋Vendor Advisories

26
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Xilinx) vulnerabilities2026-02-24
Ubuntu
Linux kernel (IBM) vulnerabilities2026-02-24
CVE-2025-38110 — Out-of-bounds Read in Linux | cvebase