{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-71196", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-31T11:36:51.191Z", "datePublished": "2026-02-04T16:04:17.141Z", "dateUpdated": "2026-02-04T16:04:17.141Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-02-04T16:04:17.141Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: stm32-usphyc: Fix off by one in probe()\n\nThe \"index\" variable is used as an index into the usbphyc->phys[] array\nwhich has usbphyc->nphys elements. So if it is equal to usbphyc->nphys\nthen it is one element out of bounds. The \"index\" comes from the\ndevice tree so it's data that we trust and it's unlikely to be wrong,\nhowever it's obviously still worth fixing the bug. Change the > to >=."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/phy/st/phy-stm32-usbphyc.c"], "versions": [{"version": "94c358da3a0545205c6c6a50ae26141f1c73acfa", "lessThan": "76b870fdaad82171a24b8aacffe5e4d9e0d2ee2c", "status": "affected", "versionType": "git"}, {"version": "94c358da3a0545205c6c6a50ae26141f1c73acfa", "lessThan": "b91c9f6bfb04e430adeeac7e7ebc9d80f9d72bad", "status": "affected", "versionType": "git"}, {"version": "94c358da3a0545205c6c6a50ae26141f1c73acfa", "lessThan": "7c27eaf183563b86d815ff6e9cca0210b4cfa051", "status": "affected", "versionType": "git"}, {"version": "94c358da3a0545205c6c6a50ae26141f1c73acfa", "lessThan": "cabd25b57216ddc132efbcc31f972baa03aad15a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/phy/st/phy-stm32-usbphyc.c"], "versions": [{"version": "4.17", "status": "affected"}, {"version": "0", "lessThan": "4.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.67", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.7", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19-rc6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.12.67"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.18.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.17", "versionEndExcluding": "6.19-rc6"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/76b870fdaad82171a24b8aacffe5e4d9e0d2ee2c"}, {"url": "https://git.kernel.org/stable/c/b91c9f6bfb04e430adeeac7e7ebc9d80f9d72bad"}, {"url": "https://git.kernel.org/stable/c/7c27eaf183563b86d815ff6e9cca0210b4cfa051"}, {"url": "https://git.kernel.org/stable/c/cabd25b57216ddc132efbcc31f972baa03aad15a"}], "title": "phy: stm32-usphyc: Fix off by one in probe()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: stm32-usphyc: Fix off by one in probe()\n\nThe \"index\" variable is used as an index into the usbphyc->phys[] array\nwhich has usbphyc->nphys elements. So if it is equal to usbphyc->nphys\nthen it is one element out of bounds. The \"index\" comes from the\ndevice tree so it's data that we trust and it's unlikely to be wrong,\nhowever it's obviously still worth fixing the bug. Change the > to >=."}], "id": "CVE-2025-71196", "lastModified": "2026-02-04T17:16:11.530", "metrics": {}, "published": "2026-02-04T17:16:11.530", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/76b870fdaad82171a24b8aacffe5e4d9e0d2ee2c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7c27eaf183563b86d815ff6e9cca0210b4cfa051"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b91c9f6bfb04e430adeeac7e7ebc9d80f9d72bad"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cabd25b57216ddc132efbcc31f972baa03aad15a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: phy: stm32-usphyc: Fix off by one in probe()", "id": "2436801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436801"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2025-71196", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-71196\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-71196\nhttps://lore.kernel.org/linux-cve-announce/2026020449-CVE-2025-71196-cf4b@gregkh/T"]}