Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

017 - Ir a la línea de ayuda en Ciberseguridad    Ir a Agenda     Ir a Sala de prensa     Ir a suscripción de boletines

Ir al buscador

CVE-2025-40189

Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
12/11/2025
Última modificación:
12/11/2025

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom<br /> <br /> Syzbot reported read of uninitialized variable BUG with following call stack.<br /> <br /> lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout<br /> =====================================================<br /> BUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]<br /> BUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]<br /> BUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241<br /> lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]<br /> lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]<br /> lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241<br /> lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766<br /> lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707<br /> <br /> Local variable sig.i.i created at:<br /> lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline]<br /> lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]<br /> lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241<br /> lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766<br /> <br /> The function lan78xx_read_raw_eeprom failed to properly propagate EEPROM<br /> read timeout errors (-ETIMEDOUT). In the fallthrough path, it first<br /> attempted to restore the pin configuration for LED outputs and then<br /> returned only the status of that restore operation, discarding the<br /> original timeout error.<br /> <br /> As a result, callers could mistakenly treat the data buffer as valid<br /> even though the EEPROM read had actually timed out with no data or partial<br /> data.<br /> <br /> To fix this, handle errors in restoring the LED pin configuration separately.<br /> If the restore succeeds, return any prior EEPROM timeout error correctly<br /> to the caller.

Impacto

Referencias a soluciones, herramientas e información