Mikhail Kobuk

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.37 **Description** The issue is related to an out of bounds read access of `gbe phy init fix[fix idx].addr` every iteration after `fix idx` reaches `ARRAY SIZE(gbe phy init fix)`. To fix this, `gbe phy init[addr]` should be used when all elements of `gbe phy init fix` array are handled. This was found by Linux Verification Center with SVACE. **Recommendations** Update to Linux kernel version 6.6.37 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable `gbe phy init fix` array until a patch is available.