CVE-2025-38086
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/06/2025
Last modified:
17/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: ch9200: fix uninitialised access during mii_nway_restart<br />
<br />
In mii_nway_restart() the code attempts to call<br />
mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read()<br />
utilises a local buffer called "buff", which is initialised<br />
with control_read(). However "buff" is conditionally<br />
initialised inside control_read():<br />
<br />
if (err == size) {<br />
memcpy(data, buf, size);<br />
}<br />
<br />
If the condition of "err == size" is not met, then<br />
"buff" remains uninitialised. Once this happens the<br />
uninitialised "buff" is accessed and returned during<br />
ch9200_mdio_read():<br />
<br />
return (buff[0] | buff[1]
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.3.1 (including) | 5.4.295 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.239 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.186 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.142 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.95 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.35 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:4.3:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:4.3:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:4.3:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:4.3:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:4.3:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:4.3:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/119766de4930ff40db9f36b960cb53b0c400e81b
- https://git.kernel.org/stable/c/33163c68d2e3061fa3935b5f0a1867958b1cdbd2
- https://git.kernel.org/stable/c/4da7fcc098218ff92b2e83a43f545c02f714cedd
- https://git.kernel.org/stable/c/6bd2569d0b2f918e9581f744df0263caf73ee76c
- https://git.kernel.org/stable/c/9a350f30d65197354706b7759b5c89d6c267b1a9
- https://git.kernel.org/stable/c/9ad0452c0277b816a435433cca601304cfac7c21
- https://git.kernel.org/stable/c/9da3e442714f7f4393ff01c265c4959c03e88c2f
- https://git.kernel.org/stable/c/cdaa6d1cb2ff1219c6c822b27655dd170ffb0f72
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html