If running ethtool for reading eeprom of device (param -m or param -e), it can lead to reading some uninitialized values from kernel memory. However, attacker can just read some unknown values from drivers memory, but cannot control what and where reads and these values related to the driver only. Attacker cannot affect availability and cannot make any other higher impact than such reading. The rate of issue is low both because need root access for running "ethtool -m/-e" and because it can work only for some specific network drivers. The suggested patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702#70
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1847557]
Statement: This issue is rated as having Low impact because of being limited to only reading some of the values from the memory of some particular drivers and very limited kernel stack exposure.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
External References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702