You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 38111
About this tag
CVE-2025-38111 is a Linux kernel vulnerability in the MDIO (Management Data Input/Output) subsystem, specifically in the net/mdiobus code. The flaw involves a missing bounds check in an ioctl path that allows a user-supplied MDIO address to read or write beyond the kernel's mdiobus statistics array. This out-of-bounds access could be exploited by local users or tooling with access to MDIO management. The fix is a small patch that adds proper bounds checking, preventing the out-of-bounds condition. Administrators should apply the patch urgently on systems that expose MDIO management to local users. The vulnerability affects Linux kernel versions prior to the patch, and its severity underscores the importance of input validation in kernel interfaces.
The Linux kernel patch that closed CVE-2025-38111 — a bounds‑check defect in net/mdiobus — is small in code but large in operational impact: it removes a user‑supplied MDIO address from an unchecked ioctl path that could be used to read or write beyond the kernel’s mdiobus statistics array, and...