Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys then it is one element out of bounds. The "index" comes from the device tree so it's data that we trust and it's unlikely to be wrong, however it's obviously still worth fixing the bug. Change the > to >=.
References
- https://git.kernel.org/stable/c/76b870fdaad82171a24b8aacffe5e4d9e0d2ee2c
- https://git.kernel.org/stable/c/7c27eaf183563b86d815ff6e9cca0210b4cfa051
- https://git.kernel.org/stable/c/a9eec890879731c280697fdf1c50699e905b2fa7
- https://git.kernel.org/stable/c/b91c9f6bfb04e430adeeac7e7ebc9d80f9d72bad
- https://git.kernel.org/stable/c/c06f13876cbad702582cd67fc77356e5524d02cd
- https://git.kernel.org/stable/c/cabd25b57216ddc132efbcc31f972baa03aad15a
- https://git.kernel.org/stable/c/fb9d513cdf1614bf0f0e785816afb1faae3f81af
FAQ
What is CVE-2025-71196?
CVE-2025-71196 is a documented vulnerability. In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an index into the usbphyc->phys[] array which has usb...
How severe is CVE-2025-71196?
CVSS scoring is not yet available for CVE-2025-71196. Check NVD for updates.
Is there a patch for CVE-2025-71196?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.