CVE-2025-71196
Published: Feb 4, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys then it is one element out of bounds. The "index" comes from the device tree so it's data that we trust and it's unlikely to be wrong, however it's obviously still worth fixing the bug. Change the > to >=.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 94c358da3a0545205c6c6a50ae26141f1c73acfa - < a9eec890879731c280697fdf1c50699e905b2fa7affected 94c358da3a0545205c6c6a50ae26141f1c73acfa - < fb9d513cdf1614bf0f0e785816afb1faae3f81afaffected 94c358da3a0545205c6c6a50ae26141f1c73acfa - < c06f13876cbad702582cd67fc77356e5524d02cdaffected 94c358da3a0545205c6c6a50ae26141f1c73acfa - < 76b870fdaad82171a24b8aacffe5e4d9e0d2ee2caffected 94c358da3a0545205c6c6a50ae26141f1c73acfa - < b91c9f6bfb04e430adeeac7e7ebc9d80f9d72bad+2 more versions |
Linux | Linux | affected 4.17unaffected 0 - < 4.17unaffected 5.10.249 - <= 5.10.*unaffected 5.15.199 - <= 5.15.*unaffected 6.1.162 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now