CVE-2025-71196 — Linux vulnerability

13 documents7 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 89.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +8 more

Timeline

PublishedFeb 4

Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys then it is one element out of bounds. The "index" comes from the device tree so it's data that we trust and it's unlikely to be wrong, however it's obviously still worth fixing the bug. Change the > to >=.

Affected Packages12 packages

▶Linuxlinux/linux_kernel4.17.0 — 5.10.249+5

▶Debianlinux/linux_kernel< 5.10.249-1+3

▶CVEListV5linux/linux94c358da3a0545205c6c6a50ae26141f1c73acfa — a9eec890879731c280697fdf1c50699e905b2fa7+7

▶debiandebian/linux< linux 6.1.162-1 (bookworm)

▶debiandebian/linux-6.1< linux 6.1.162-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-26mr-48wg-9jv2: In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an↗2026-02-04

▶

OSV

phy: stm32-usphyc: Fix off by one in probe()↗2026-02-04

▶

OSV

CVE-2025-71196: In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an in↗2026-02-04

▶

📋Vendor Advisories

Ubuntu

Linux kernel (HWE) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel (NVIDIA) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel (FIPS) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel (Real-time) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel vulnerabilities↗2026-04-16

▶

🕵️Threat Intelligence

Wiz

CVE-2025-71196 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶