{
  "threat_severity" : "Moderate",
  "public_date" : "2025-07-03T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access",
    "id" : "2376035",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2376035"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-1284",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\nWhen using publicly available tools like 'mdio-tools' to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation." ],
  "statement" : "A bounds check was missing in the __mdiobus_c45_read() and __mdiobus_c45_write() functions, allowing out-of-bounds access to the stats array in the kernel if a user supplied an invalid PHY address via an ioctl. Although the read/write would typically fail on hardware, the statistics array was still accessed, potentially leading to an out-of-bounds memory read/write in kernel space. This patch adds a check that ensures the PHY address does not exceed PHY_MAX_ADDR, mitigating the risk. The CVSS Privileges Required metric is High (PR:H) because issuing raw ioctl commands to a network interface requires administrative privileges (typically CAP_NET_ADMIN). Potential memory corruption could happen inside the firmware of the networking hardware, but not in the memory of the Linux kernel, which is why no kernel crash could occur (hence A:N in the CVSS vector).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-07-28T00:00:00Z",
    "advisory" : "RHSA-2025:11855",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "kernel-0:6.12.0-55.24.1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-07-28T00:00:00Z",
    "advisory" : "RHSA-2025:11861",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.30.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-07-28T00:00:00Z",
    "advisory" : "RHSA-2025:11861",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.30.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-07-15T00:00:00Z",
    "advisory" : "RHSA-2025:11245",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.77.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-38110\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38110\nhttps://lore.kernel.org/linux-cve-announce/2025070324-CVE-2025-38110-a9c0@gregkh/T" ],
  "name" : "CVE-2025-38110",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent module mdio from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
    "lang" : "en:us"
  },
  "csaw" : false
}