CVE-2025-38086

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38086
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38086.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38086
Downstream
Related
Published
2025-06-28T08:15:24Z
Modified
2025-08-12T21:01:38Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net: ch9200: fix uninitialised access during miinwayrestart

In miinwayrestart() the code attempts to call mii->mdioread which is ch9200mdioread(). ch9200mdioread() utilises a local buffer called "buff", which is initialised with controlread(). However "buff" is conditionally initialised inside control_read():

    if (err == size) {
            memcpy(data, buf, size);
    }

If the condition of "err == size" is not met, then "buff" remains uninitialised. Once this happens the uninitialised "buff" is accessed and returned during ch9200mdioread():

    return (buff[0] | buff[1] << 8);

The problem stems from the fact that ch9200mdioread() ignores the return value of control_read(), leading to uinit-access of "buff".

To fix this we should check the return value of control_read() and return early on error.

References

Affected packages