CVE-2025-71196

2026-02-04 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Lifecycle Timeline

3
Patch Released
Apr 10, 2026 - 00:30 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 04, 2026 - 17:16 nvd
N/A

Tags

Linux Linux Kernel

Description

In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys then it is one element out of bounds. The "index" comes from the device tree so it's data that we trust and it's unlikely to be wrong, however it's obviously still worth fixing the bug. Change the > to >=.

Analysis

In the Linux kernel, the following vulnerability has been resolved:

phy: stm32-usphyc: Fix off by one in probe()

The "index" variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys then it is one element out of bounds.

Technical Context

In the Linux kernel, the following vulnerability has been resolved:

phy: stm32-usphyc: Fix off by one in probe()

The "index" variable is used as an index into the usbphyc->phys[] array

which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys

then it is one element out of bounds. The "index" comes from the

device tree so it's data that we trust and it's unlikely to be wrong,

however it's obviously still worth fixing the bug. Change the > to >=.

Affected Products

In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an

Remediation

Monitor vendor advisories for a patch.

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Share

CVE-2025-71196 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy