Main Vulnerability Database SB20250704106

SB20250704106 - Out-of-bounds write in Linux kernel net phy driver

Published: July 4, 2025

Security Bulletin ID SB20250704106

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds write (CVE-ID: CVE-2025-38110)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the __mdiobus_c45_read() and __mdiobus_c45_write() functions in drivers/net/phy/mdio_bus.c. A local user can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/260388f79e94fb3026c419a208ece8358bb7b555
https://git.kernel.org/stable/c/31bf7b2b92563a352788cf9df3698682f659bacc
https://git.kernel.org/stable/c/4ded22f7f3ce9714ed72c3e9c68fea1cb9388ae7
https://git.kernel.org/stable/c/abb0605ca00979a49572a6516f6db22c3dc57223