CVE-2025-71196
Description
In the Linux kernel, the following vulnerability has been resolved:phy: stm32-usphyc: Fix off by one in probe()The index variable is used as an index into the usbphyc->phys[] arraywhich has usbphyc->nphys elements. So if it is equal to usbphyc->nphysthen it is one element out of bounds. The index comes from thedevice tree so its data that we trust and its unlikely to be wrong,however its obviously still worth fixing the bug. Change the > to >=.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
0.035
Associated Vulnerability
No records foundPatch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234