CVE-2025-40189 (GCVE-0-2025-40189)

Vulnerability from cvelistv5 – Published: 2025-11-12 21:56 – Updated: 2025-12-01 06:19

Summary

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom Syzbot reported read of uninitialized variable BUG with following call stack. lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout ===================================================== BUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline] BUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline] BUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline] lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline] lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766 lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707 Local variable sig.i.i created at: lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline] lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline] lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766 The function lan78xx_read_raw_eeprom failed to properly propagate EEPROM read timeout errors (-ETIMEDOUT). In the fallthrough path, it first attempted to restore the pin configuration for LED outputs and then returned only the status of that restore operation, discarding the original timeout error. As a result, callers could mistakenly treat the data buffer as valid even though the EEPROM read had actually timed out with no data or partial data. To fix this, handle errors in restoring the LED pin configuration separately. If the restore succeeds, return any prior EEPROM timeout error correctly to the caller.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a72a7c4f675080a32…
	https://git.kernel.org/stable/c/49bdb63ff64469a6d…

Impacted products

Vendor

Product

Version

Linux

Affected: 8b1b2ca83b200fa46fdfb81e80ad5fe34537e6d4 , < a72a7c4f675080a324d4c2167bd2314d968279f1 (git)
Affected: 8b1b2ca83b200fa46fdfb81e80ad5fe34537e6d4 , < 49bdb63ff64469a6de8ea901aef123c75be9bbe7 (git)

Linux

Affected: 6.14
Unaffected: 0 , < 6.14 (semver)
Unaffected: 6.17.4 , ≤ 6.17.* (semver)
Unaffected: 6.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/lan78xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a72a7c4f675080a324d4c2167bd2314d968279f1",
              "status": "affected",
              "version": "8b1b2ca83b200fa46fdfb81e80ad5fe34537e6d4",
              "versionType": "git"
            },
            {
              "lessThan": "49bdb63ff64469a6de8ea901aef123c75be9bbe7",
              "status": "affected",
              "version": "8b1b2ca83b200fa46fdfb81e80ad5fe34537e6d4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/lan78xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.14"
            },
            {
              "lessThan": "6.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.4",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom\n\nSyzbot reported read of uninitialized variable BUG with following call stack.\n\nlan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout\n=====================================================\nBUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\nBUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\nBUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\n lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\n lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\n lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707\n\nLocal variable sig.i.i created at:\n lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline]\n lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\n lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\n\nThe function lan78xx_read_raw_eeprom failed to properly propagate EEPROM\nread timeout errors (-ETIMEDOUT). In the fallthrough path, it first\nattempted to restore the pin configuration for LED outputs and then\nreturned only the status of that restore operation, discarding the\noriginal timeout error.\n\nAs a result, callers could mistakenly treat the data buffer as valid\neven though the EEPROM read had actually timed out with no data or partial\ndata.\n\nTo fix this, handle errors in restoring the LED pin configuration separately.\nIf the restore succeeds, return any prior EEPROM timeout error correctly\nto the caller."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T06:19:48.226Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a72a7c4f675080a324d4c2167bd2314d968279f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/49bdb63ff64469a6de8ea901aef123c75be9bbe7"
        }
      ],
      "title": "net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40189",
    "datePublished": "2025-11-12T21:56:30.575Z",
    "dateReserved": "2025-04-16T07:20:57.177Z",
    "dateUpdated": "2025-12-01T06:19:48.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-40189\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-11-12T22:15:45.833\",\"lastModified\":\"2025-11-14T16:42:30.503\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom\\n\\nSyzbot reported read of uninitialized variable BUG with following call stack.\\n\\nlan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout\\n=====================================================\\nBUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\\nBUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\\nBUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\\n lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\\n lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\\n lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\\n lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\\n lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707\\n\\nLocal variable sig.i.i created at:\\n lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline]\\n lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\\n lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241\\n lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\\n\\nThe function lan78xx_read_raw_eeprom failed to properly propagate EEPROM\\nread timeout errors (-ETIMEDOUT). In the fallthrough path, it first\\nattempted to restore the pin configuration for LED outputs and then\\nreturned only the status of that restore operation, discarding the\\noriginal timeout error.\\n\\nAs a result, callers could mistakenly treat the data buffer as valid\\neven though the EEPROM read had actually timed out with no data or partial\\ndata.\\n\\nTo fix this, handle errors in restoring the LED pin configuration separately.\\nIf the restore succeeds, return any prior EEPROM timeout error correctly\\nto the caller.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/49bdb63ff64469a6de8ea901aef123c75be9bbe7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a72a7c4f675080a324d4c2167bd2314d968279f1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

FKIE_CVE-2025-40189

Vulnerability from fkie_nvd - Published: 2025-11-12 22:15 - Updated: 2025-11-14 16:42

Severity ?

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/49bdb63ff64469a6de8ea901aef123c75be9bbe7
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a72a7c4f675080a324d4c2167bd2314d968279f1

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom\n\nSyzbot reported read of uninitialized variable BUG with following call stack.\n\nlan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout\n=====================================================\nBUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\nBUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\nBUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\n lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\n lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\n lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707\n\nLocal variable sig.i.i created at:\n lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline]\n lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\n lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\n\nThe function lan78xx_read_raw_eeprom failed to properly propagate EEPROM\nread timeout errors (-ETIMEDOUT). In the fallthrough path, it first\nattempted to restore the pin configuration for LED outputs and then\nreturned only the status of that restore operation, discarding the\noriginal timeout error.\n\nAs a result, callers could mistakenly treat the data buffer as valid\neven though the EEPROM read had actually timed out with no data or partial\ndata.\n\nTo fix this, handle errors in restoring the LED pin configuration separately.\nIf the restore succeeds, return any prior EEPROM timeout error correctly\nto the caller."
    }
  ],
  "id": "CVE-2025-40189",
  "lastModified": "2025-11-14T16:42:30.503",
  "metrics": {},
  "published": "2025-11-12T22:15:45.833",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/49bdb63ff64469a6de8ea901aef123c75be9bbe7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a72a7c4f675080a324d4c2167bd2314d968279f1"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

WID-SEC-W-2025-2595

Vulnerability from csaf_certbund - Published: 2025-11-12 23:00 - Updated: 2025-12-02 23:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, die m\u00f6glicherweise zu einer Denial-of-Service- Bedingung f\u00fchren oder eine Speicherbesch\u00e4digung verursachen k\u00f6nnen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2595 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2595.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2595 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2595"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40178",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111240-CVE-2025-40178-8673@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40179",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40179-6d22@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40180",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40180-8258@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40181",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40181-f51c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40182",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40182-fa1b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40183",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40183-fb2f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40184",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40184-9760@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40185",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40185-0689@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40186",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40186-b204@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40187",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40187-7826@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40188",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40188-86c5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40189",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40189-c4ca@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40190",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40190-b6bc@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40191",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40191-1ea5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40192",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40192-6344@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40193",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40193-6519@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40194",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40194-d959@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40195",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40195-f91e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40196",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40196-f1fa@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40197",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40197-e5de@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40198",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40198-7a99@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40199",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40199-054c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40200",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40200-c514@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40201",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40201-b8fe@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40202",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40202-f5ad@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40203",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40203-c83b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40204",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40204-0f06@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40205",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40205-ad43@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40206",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40206-b396@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40207",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40207-3528@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-40208",
        "url": "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40208-ded6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4379 vom 2025-11-25",
        "url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00022.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:22392 vom 2025-12-01",
        "url": "https://access.redhat.com/errata/RHSA-2025:22392"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:22405 vom 2025-12-01",
        "url": "https://access.redhat.com/errata/RHSA-2025:22405"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-22405 vom 2025-12-02",
        "url": "https://linux.oracle.com/errata/ELSA-2025-22405.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-12-02T23:00:00.000+00:00",
      "generator": {
        "date": "2025-12-03T08:03:21.551+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2595",
      "initial_release_date": "2025-11-12T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-11-12T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-11-25T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-11-30T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-12-02T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T028462",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:unspecified"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-40178",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40178"
    },
    {
      "cve": "CVE-2025-40179",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40179"
    },
    {
      "cve": "CVE-2025-40180",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40180"
    },
    {
      "cve": "CVE-2025-40181",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40181"
    },
    {
      "cve": "CVE-2025-40182",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40182"
    },
    {
      "cve": "CVE-2025-40183",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40183"
    },
    {
      "cve": "CVE-2025-40184",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40184"
    },
    {
      "cve": "CVE-2025-40185",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40185"
    },
    {
      "cve": "CVE-2025-40186",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40186"
    },
    {
      "cve": "CVE-2025-40187",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40187"
    },
    {
      "cve": "CVE-2025-40188",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40188"
    },
    {
      "cve": "CVE-2025-40189",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40189"
    },
    {
      "cve": "CVE-2025-40190",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40190"
    },
    {
      "cve": "CVE-2025-40191",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40191"
    },
    {
      "cve": "CVE-2025-40192",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40192"
    },
    {
      "cve": "CVE-2025-40193",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40193"
    },
    {
      "cve": "CVE-2025-40194",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40194"
    },
    {
      "cve": "CVE-2025-40195",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40195"
    },
    {
      "cve": "CVE-2025-40196",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40196"
    },
    {
      "cve": "CVE-2025-40197",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40197"
    },
    {
      "cve": "CVE-2025-40198",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40198"
    },
    {
      "cve": "CVE-2025-40199",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40199"
    },
    {
      "cve": "CVE-2025-40200",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40200"
    },
    {
      "cve": "CVE-2025-40201",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40201"
    },
    {
      "cve": "CVE-2025-40202",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40202"
    },
    {
      "cve": "CVE-2025-40203",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40203"
    },
    {
      "cve": "CVE-2025-40204",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40204"
    },
    {
      "cve": "CVE-2025-40205",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40205"
    },
    {
      "cve": "CVE-2025-40206",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40206"
    },
    {
      "cve": "CVE-2025-40207",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40207"
    },
    {
      "cve": "CVE-2025-40208",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2025-11-12T23:00:00.000+00:00",
      "title": "CVE-2025-40208"
    }
  ]
}

GHSA-58WG-GMCP-2862

Vulnerability from github – Published: 2025-11-13 00:30 – Updated: 2025-11-13 00:30

Details

In the Linux kernel, the following vulnerability has been resolved:

net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom

Syzbot reported read of uninitialized variable BUG with following call stack.

lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout

BUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline] BUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline] BUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline] lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline] lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766 lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707

Local variable sig.i.i created at: lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline] lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline] lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766

The function lan78xx_read_raw_eeprom failed to properly propagate EEPROM read timeout errors (-ETIMEDOUT). In the fallthrough path, it first attempted to restore the pin configuration for LED outputs and then returned only the status of that restore operation, discarding the original timeout error.

As a result, callers could mistakenly treat the data buffer as valid even though the EEPROM read had actually timed out with no data or partial data.

To fix this, handle errors in restoring the LED pin configuration separately. If the restore succeeds, return any prior EEPROM timeout error correctly to the caller.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-40189"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-12T22:15:45Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom\n\nSyzbot reported read of uninitialized variable BUG with following call stack.\n\nlan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout\n=====================================================\nBUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\nBUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\nBUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\n lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\n lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\n lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707\n\nLocal variable sig.i.i created at:\n lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline]\n lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\n lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\n\nThe function lan78xx_read_raw_eeprom failed to properly propagate EEPROM\nread timeout errors (-ETIMEDOUT). In the fallthrough path, it first\nattempted to restore the pin configuration for LED outputs and then\nreturned only the status of that restore operation, discarding the\noriginal timeout error.\n\nAs a result, callers could mistakenly treat the data buffer as valid\neven though the EEPROM read had actually timed out with no data or partial\ndata.\n\nTo fix this, handle errors in restoring the LED pin configuration separately.\nIf the restore succeeds, return any prior EEPROM timeout error correctly\nto the caller.",
  "id": "GHSA-58wg-gmcp-2862",
  "modified": "2025-11-13T00:30:18Z",
  "published": "2025-11-13T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40189"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/49bdb63ff64469a6de8ea901aef123c75be9bbe7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a72a7c4f675080a324d4c2167bd2314d968279f1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-40189 (GCVE-0-2025-40189)

FKIE_CVE-2025-40189

WID-SEC-W-2025-2595

GHSA-58WG-GMCP-2862

lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout

Tags

Sightings

Nomenclature