CVE-2025-38086
Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-06-28

Last updated on: 2025-12-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net: ch9200: fix uninitialised access during mii_nway_restart

In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff", which is initialised with control_read(). However "buff" is conditionally initialised inside control_read():

        if (err == size) {
                memcpy(data, buf, size);
        }

If the condition of "err == size" is not met, then "buff" remains uninitialised. Once this happens the uninitialised "buff" is accessed and returned during ch9200_mdio_read():

        return (buff[0] | buff[1] << 8);

The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uinit-access of "buff".

To fix this we should check the return value of control_read() and return early on error.
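The pattern described above, modelled in user-space C as an added example; it is not the kernel's code or the actual patch. The names control_read_model(), mdio_read_unchecked() and mdio_read_checked(), the xfer parameter, the sample register bytes, the 0xAA fill and the -EINVAL mapping for short transfers are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the two register bytes a successful transfer delivers. */
static const unsigned char dev_reg[2] = { 0x34, 0x12 };

/* Model of the helper. xfer = bytes transferred or negative errno (hypothetical
 * parameter). The caller's buffer is written only on a full transfer. */
static int control_read_model(int xfer, void *data, int size)
{
	int err = xfer;

	if (err == size)
		memcpy(data, dev_reg, size);
	else if (err >= 0)
		err = -EINVAL;	/* assumption: short transfer reported as error */
	return err;
}

/* Pattern from the description: return value ignored, buff read anyway. */
static int mdio_read_unchecked(int xfer)
{
	unsigned char buff[2];

	/* 0xAA stands in for stale stack bytes so the result is reproducible;
	 * in the real bug the bytes are simply uninitialised. */
	memset(buff, 0xAA, sizeof(buff));
	control_read_model(xfer, buff, sizeof(buff));
	return buff[0] | buff[1] << 8;
}

/* Hardened pattern: return early on error, before buff is read. */
static int mdio_read_checked(int xfer)
{
	unsigned char buff[2];
	int ret = control_read_model(xfer, buff, sizeof(buff));

	if (ret < 0)
		return ret;
	return buff[0] | buff[1] << 8;
}

int main(void)
{
	printf("ok:     unchecked=%#x checked=%#x\n", mdio_read_unchecked(2), mdio_read_checked(2));
	printf("failed: unchecked=%#x checked=%d\n", mdio_read_unchecked(-EPIPE), mdio_read_checked(-EPIPE));
	return 0;
}
```

On a failed transfer the unchecked reader hands the caller whatever bytes were in the buffer as if they were a PHY register value, while the checked reader returns the negative errno.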
Meta Information
Published: 2025-06-28
Last Modified: 2025-12-17
Generated: 2026-05-07
AI Q&A: 2025-06-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 14 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 4.3.1 (inc) to 5.4.295 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.239 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.186 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.142 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.95 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.35 (exc)
linux linux_kernel From 6.13 (inc) to 6.15.4 (exc)
linux linux_kernel 4.3
linux linux_kernel 4.3
linux linux_kernel 4.3
linux linux_kernel 4.3
linux linux_kernel 4.3
linux linux_kernel 4.3
debian debian_linux 11.0
CWE ID Description
CWE-908 The product uses or accesses a resource that has not been initialized.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's ch9200 network driver and is reached during mii_nway_restart(). That function calls mii->mdio_read, which is ch9200_mdio_read(); it uses a local buffer "buff" that is supposed to be initialized by control_read(). However, control_read() only initializes "buff" if a certain condition (err == size) is met. If this condition is not met, "buff" remains uninitialized but is still accessed and returned by ch9200_mdio_read(), leading to uninitialized memory access. The root cause is that ch9200_mdio_read() ignores the return value of control_read(), which should be checked to avoid using uninitialized data. The fix involves checking the return value of control_read() and returning early on error to prevent uninitialized access.


How can this vulnerability impact me?

The vulnerability can lead to uninitialized memory access in the Linux kernel's network driver, which may cause undefined behavior such as system instability, crashes, or potential information leakage. Since it involves reading uninitialized data, it could expose sensitive kernel memory contents or cause kernel faults, impacting system reliability and security.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version where the ch9200 driver has been fixed so that ch9200_mdio_read() checks the return value of control_read() and returns early on error, preventing uninitialized buffer access during mii_nway_restart(). Until then, avoid using affected hardware or drivers if possible.

