CVE-2025-38086
Published: Jun 28, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff", which is initialised with control_read(). However "buff" is conditionally initialised inside control_read(): if (err == size) { memcpy(data, buf, size); } If the condition of "err == size" is not met, then "buff" remains uninitialised. Once this happens the uninitialised "buff" is accessed and returned during ch9200_mdio_read(): return (buff[0] | buff[1] << 8); The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uinit-access of "buff". To fix this we should check the return value of control_read() and return early on error.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 4a476bd6d1d923922ec950ddc4c27b279f6901eb - < 119766de4930ff40db9f36b960cb53b0c400e81baffected 4a476bd6d1d923922ec950ddc4c27b279f6901eb - < 33163c68d2e3061fa3935b5f0a1867958b1cdbd2affected 4a476bd6d1d923922ec950ddc4c27b279f6901eb - < 9da3e442714f7f4393ff01c265c4959c03e88c2faffected 4a476bd6d1d923922ec950ddc4c27b279f6901eb - < 9a350f30d65197354706b7759b5c89d6c267b1a9affected 4a476bd6d1d923922ec950ddc4c27b279f6901eb - < 6bd2569d0b2f918e9581f744df0263caf73ee76c+3 more versions |
Linux | Linux | affected 4.3unaffected 0 - < 4.3unaffected 5.4.295 - <= 5.4.*unaffected 5.10.239 - <= 5.10.*unaffected 5.15.186 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now