CVE-2025-38110

{"id": "CVE-2025-38110", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2025-07-03T09:15:24.680", "references": [{"url": "https://git.kernel.org/stable/c/260388f79e94fb3026c419a208ece8358bb7b555", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/31bf7b2b92563a352788cf9df3698682f659bacc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4ded22f7f3ce9714ed72c3e9c68fea1cb9388ae7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/abb0605ca00979a49572a6516f6db22c3dc57223", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like 'mdio-tools' to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mdiobus: Arregla el potencial acceso de lectura/escritura fuera de los l\u00edmites de la cl\u00e1usula 45 Cuando se usan herramientas disponibles p\u00fablicamente como 'mdio-tools' para leer/escribir datos desde/hacia la interfaz de red y su PHY a trav\u00e9s de C45 (cl\u00e1usula 45) mdiobus, no hay verificaci\u00f3n de los par\u00e1metros pasados a ioctl y acepta cualquier direcci\u00f3n mdio. Actualmente hay soporte para 32 direcciones en el kernel a trav\u00e9s de la definici\u00f3n PHY_MAX_ADDR, pero es posible pasar un valor m\u00e1s alto que ese a trav\u00e9s de ioctl. Si bien la operaci\u00f3n de lectura/escritura generalmente deber\u00eda fallar en este caso, mdiobus proporciona una matriz de estad\u00edsticas, donde la direcci\u00f3n incorrecta puede permitir lectura/escritura fuera de los l\u00edmites. Arregla eso agregando la verificaci\u00f3n de direcci\u00f3n antes de la operaci\u00f3n de lectura/escritura C45. Si bien esto excluye este acceso de cualquier estad\u00edstica, mejora la seguridad de la operaci\u00f3n de lectura/escritura."}], "lastModified": "2025-11-20T21:36:19.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F32A46D-A3D6-46B7-841B-D6FED06301AA", "versionEndExcluding": "6.6.94", "versionStartIncluding": "6.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FFA54AA-CDFE-4591-BD07-72813D0948F4", "versionEndExcluding": "6.12.34", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0541C761-BD5E-4C1A-8432-83B375D7EB92", "versionEndExcluding": "6.15.3", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}