CVE-2025-38736

7.1 HIGH

📋 TL;DR

A Linux kernel vulnerability in the ASIX USB network driver allows invalid PHY addresses to be used during MDIO bus initialization, potentially causing shift-out-of-bounds exceptions. This affects systems using ASIX USB network adapters with the vulnerable kernel driver. The issue could lead to system instability or denial of service.
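To make the TL;DR concrete, the following is an added illustration in C (not the asix driver's code and not the fix commits themselves) of how an unvalidated PHY address turns into a shift-out-of-bounds when the MDIO phy_mask is built, beside a validated alternative. It assumes a hypothetical register read that returns the PHY address as one byte; PHY_MAX_ADDR mirrors the kernel's constant, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* MDIO PHY addresses are 5 bits wide, so only 0..31 are valid (the kernel's
 * PHY_MAX_ADDR is 32); an MDIO bus keeps a 32-bit phy_mask of addresses to skip. */
#define PHY_MAX_ADDR 32U

/* Unsafe pattern (illustrative, not the asix driver's code): the PHY address
 * read back from the adapter is shifted as-is. If a device, or a fuzzer posing
 * as one as syzbot did, reports e.g. 0xE0, the shift exceeds the 32-bit type:
 * undefined behaviour, flagged by UBSAN as shift-out-of-bounds. Call only with
 * an already-validated address. */
static uint32_t phy_mask_unchecked(uint8_t reported_addr)
{
    return ~(1U << reported_addr);   /* UB when reported_addr >= 32 */
}

/* Hardened pattern: validate the hardware-reported value before any shift.
 * Returns false and leaves *mask untouched for an out-of-range address, so
 * probe can fail cleanly instead of faulting. */
static bool phy_mask_checked(uint8_t reported_addr, uint32_t *mask)
{
    if (reported_addr >= PHY_MAX_ADDR)
        return false;
    *mask = ~(1U << reported_addr);
    return true;
}

/* Alternative: truncate to the 5 address bits. That avoids the bad shift but
 * silently aliases a bogus value onto a real address (0xE0 & 0x1f == 0). */
static uint8_t phy_addr_truncate(uint8_t reported_addr)
{
    return reported_addr & (PHY_MAX_ADDR - 1U);
}

int main(void)
{
    const uint8_t samples[] = { 0x10, 0x1f, 0xE0 };   /* constructed register reads */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t mask;
        if (phy_mask_checked(samples[i], &mask))
            printf("addr 0x%02x ok: phy_mask=0x%08x\n", samples[i], mask);
        else
            printf("addr 0x%02x rejected (5-bit truncation would give %u)\n",
                   samples[i], phy_addr_truncate(samples[i]));
    }
    return 0;
}
```

Rejecting the address is the stricter choice: truncation keeps the kernel from faulting but lets a misreporting adapter be probed at an address it never claimed.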

💻 Affected Systems

Products:
  • Linux kernel ASIX USB network driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with ASIX USB network adapters connected and using the vulnerable driver. Common in embedded systems, IoT devices, and some workstations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash leading to denial of service, potentially requiring physical access to restart affected systems.

🟠

Likely Case

System instability, network connectivity issues, or kernel crashes when using ASIX USB network adapters with invalid PHY addresses.

🟢

If Mitigated

Minor performance impact or no effect if proper PHY addresses are used and the mask is applied.

🌐 Internet-Facing: LOW - Requires physical USB device connection or specific USB-over-IP configurations.
🏢 Internal Only: MEDIUM - Could affect servers or workstations with ASIX USB network adapters, but requires physical device connection.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires physical access to connect a malicious USB device or control over USB device configuration. Syzbot discovered this through fuzzing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 22042ffedd8c2c6db08ccdd6d4273068eddd3c5c, 24ef2f53c07f273bad99173e27ee88d44d135b1c, 523eab02fce458fa6d3c51de5bb055800986953e, 748da80831221ae24b4bc8d7ffb22acd5712a341, 8f141f2a4f2ef8ca865d5921574c3d6535e00a49

Vendor Advisory: https://git.kernel.org/stable/c/22042ffedd8c2c6db08ccdd6d4273068eddd3c5c

Restart Required: Yes

Instructions:

  1. Update the Linux kernel to a version containing the fix commits.
  2. Check distribution-specific security advisories.
  3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Disable ASIX USB driver

Prevent loading of the vulnerable ASIX USB network driver (the blacklist entry stops automatic loading on the next boot; rmmod unloads it now):

echo 'blacklist asix' >> /etc/modprobe.d/blacklist.conf
rmmod asix

Restrict USB device access

Prevent unauthorized USB devices from being connected, using the kernel's USB authorization interface: unbind the driver from any adapter that is already attached, then deny newly connected devices on every host controller. Note that authorized_default=0 blocks all new USB devices on that controller, not only ASIX adapters, so apply it only where that is acceptable:

for dev in /sys/bus/usb/drivers/asix/*:*; do [ -e "$dev" ] && basename "$dev" > /sys/bus/usb/drivers/asix/unbind; done
for hc in /sys/bus/usb/devices/usb*/authorized_default; do echo 0 > "$hc"; done

🧯 If You Can't Patch

  • Physically disconnect ASIX USB network adapters from critical systems
  • Implement USB device control policies to prevent unauthorized ASIX device connections

🔍 How to Verify

Check if Vulnerable:

  • Check whether the ASIX driver is loaded: lsmod | grep asix
  • Check the kernel version: uname -r, and compare it against the patched versions listed in your distribution's advisory.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Check dmesg for ASIX driver initialization errors.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • MDIO bus initialization errors in dmesg
  • ASIX driver crash logs

Network Indicators:

  • Sudden loss of network connectivity on USB interfaces
  • USB device disconnection events

SIEM Query:

source="kernel" AND ("asix" OR "MDIO" OR "shift-out-of-bounds")
