suse · CVE-2025-71094

Quick triage

Priority: low Published: 2026-03-05 00:20:38 UTC Updated: 2026-04-16 13:41:39 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2025-71094 severity low: SUSE including 383 source package names (13.2-9.1:libsqlite3-0-3.49.1-1.1, 2.1.3-6.115:kernel-default-base-6.4.0-39.1.21.16, …), 598 product×package rows across 74 product lines (Container suse/sl-micro/6.0/baremetal-os-container, Container suse/sl-micro/6.0/base-os-container, … (74 product lines)): Fixed 277, Known Affected 231, Known Not Affected 65, First Fixed 25.

Description:

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asix_read_phy_addr(). A malicious or faulty device can return an invalid address (>= PHY_MAX_ADDR), which causes a warning in mdiobus_get_phy(): addr 207 out of range WARNING: drivers/net/phy/mdio_bus.c:76 Validate the PHY address in asix_read_phy_addr() and remove the now-redundant check in ax88172a.c.

cvelogic Threat Intelligence