Linux Kernel ASIX USB Driver PHY Address Validation Vulnerability
Vulnerability
A vulnerability exists in the ASIX USB driver of the Linux kernel, where the PHY address read from a USB device is not properly validated before use. The function 'asix_read_phy_addr()' can be manipulated by a malicious or faulty device to return an invalid address, which triggers a warning about the address being out of range. This issue has been addressed by adding a validation step to ensure the PHY address is within the acceptable range, and removing the now-unnecessary check in a related file.
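The validation step described above, as an added user-space example (not the kernel's own code): the helper name `parse_phy_addr`, the two-byte response layout and the sample bytes are assumptions for illustration, while the bound of 32 is the kernel's `PHY_MAX_ADDR`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PHY_MAX_ADDR 32 /* MDIO addresses are 5 bits wide: valid range 0..31 */

/*
 * Hypothetical helper modelling the check: take the PHY address out of a
 * device-supplied response and refuse anything the MDIO layer cannot address.
 * Returns the address (0..31) or a negative errno value.
 */
static int parse_phy_addr(const uint8_t *resp, size_t len, int internal)
{
	int addr;

	if (resp == NULL || len < 2)
		return -EIO; /* short or missing response from the device */

	/* Assumed layout: byte 1 = internal PHY, byte 0 = external PHY. */
	addr = resp[internal ? 1 : 0];

	/* The device controls this byte, so bound it before any use. */
	if (addr >= PHY_MAX_ADDR)
		return -ENODEV;

	return addr;
}

int main(void)
{
	/* Constructed responses, not captured from real hardware. */
	const uint8_t good[2]     = { 0xe0, 0x10 };
	const uint8_t boundary[2] = { 0x00, 0x1f };
	const uint8_t bad[2]      = { 0x00, 0x20 };

	printf("good:     %d\n", parse_phy_addr(good, sizeof(good), 1));
	printf("boundary: %d\n", parse_phy_addr(boundary, sizeof(boundary), 1));
	printf("bad:      %d\n", parse_phy_addr(bad, sizeof(bad), 1));
	printf("short:    %d\n", parse_phy_addr(good, 1, 1));
	return 0;
}
```

Rejecting the value where it is read means callers never see an out-of-range address, which is why a later duplicate check becomes unnecessary.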
Impact
A malicious or faulty USB device that triggers this vulnerability could cause improper handling of PHY addresses, potentially leading to out-of-range errors that could be exploited in certain scenarios.
Remediation
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel Git repository.
