VDB
DEBIAN-CVE-2025-71196
DEBIAN-CVE-2025-71196
PUBLISHED
CVSS 8.699999809265137 HIGH
In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys then it is one element out of bounds. The "index" comes from the device tree so it's data that we trust and it's unlikely to be wrong, however it's obviously still worth fixing the bug. Change the > to >=.
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux | 5.10.221-1, 5.10.218-1, 5.10.209-2 |
| Debian:11 | linux-6.1 | 6.1.112-1~deb11u1, 6.1.159-1, 6.1.158-1 |
| Debian:12 | linux | 6.1.159-1, 6.1.129-1, 6.1.99-1 |
| Debian:13 | linux | 0, 6.12.41-1, 6.12.43-1 |
| Debian:14 | linux | 6.17.2-1, 6.17.13-1, 6.17.13-1 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Feb 4, 2026 CVE Published
- Apr 28, 2026 CVE Updated