AZL-64383

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64383.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-64383

Upstream

CVE-2025-38086

Published

2025-06-28T08:15:24Z

Modified

2026-04-01T05:20:18.555222Z

Summary

CVE-2025-38086 affecting package kernel for versions less than 6.6.96.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

net: ch9200: fix uninitialised access during miinwayrestart

In miinwayrestart() the code attempts to call mii->mdioread which is ch9200mdioread(). ch9200mdioread() utilises a local buffer called "buff", which is initialised with controlread(). However "buff" is conditionally initialised inside control_read():

    if (err == size) {
            memcpy(data, buf, size);
    }

If the condition of "err == size" is not met, then "buff" remains uninitialised. Once this happens the uninitialised "buff" is accessed and returned during ch9200mdioread():

    return (buff[0] | buff[1] << 8);

The problem stems from the fact that ch9200mdioread() ignores the return value of control_read(), leading to uinit-access of "buff".

To fix this we should check the return value of control_read() and return early on error.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38086

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.96.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64383.json"