CVE-2025-38725 — NULL Pointer Dereference in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 4
Latest updateMar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
net: usb: asix_devices: add phy_mask for ax88772 mdio bus
Without setting phy_mask for ax88772 mdio bus, current driver may create
at most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f.
DLink DUB-E100 H/W Ver B1 is such a device. However, only one main phy
device will bind to net phy driver. This is creating issue during system
suspend/resume since phy_polling_mode() in phy_state_machine() will
directly deference…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linuxe532a096be0e5e570b383e71d4560e7f04384e0f — 75947d3200de98a9ded9ad8972e02f1a177097fe+7
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-cvch-2h28-pxmh: In the Linux kernel, the following vulnerability has been resolved:
net: usb: asix_devices: add phy_mask for ax88772 mdio bus
Without setting phy_ma↗2025-09-05
OSV▶
CVE-2025-38725: In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: add phy_mask for ax88772 mdio bus Without setting phy_mask↗2025-09-04