In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff", which is initialised with control_read(). However "buff" is conditionally initialised inside control_read(): if (err == size) { memcpy(data, buf, size); } If the condition of "err == size" is not met, then "buff" remains uninitialised. Once this happens the uninitialised "buff" is accessed and returned during ch9200_mdio_read(): return (buff[0] | buff[1] << 8); The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uinit-access of "buff". To fix this we should check the return value of control_read() and return early on error.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2025062801-CVE-2025-38086-783b@gregkh/T
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:11456 https://access.redhat.com/errata/RHSA-2025:11456
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:11455 https://access.redhat.com/errata/RHSA-2025:11455
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:11861 https://access.redhat.com/errata/RHSA-2025:11861
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:12662 https://access.redhat.com/errata/RHSA-2025:12662
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:13633 https://access.redhat.com/errata/RHSA-2025:13633
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:13776 https://access.redhat.com/errata/RHSA-2025:13776
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:13781 https://access.redhat.com/errata/RHSA-2025:13781
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2025:13805 https://access.redhat.com/errata/RHSA-2025:13805
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:13946 https://access.redhat.com/errata/RHSA-2025:13946
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:14054 https://access.redhat.com/errata/RHSA-2025:14054
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:14094 https://access.redhat.com/errata/RHSA-2025:14094
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2025:14136 https://access.redhat.com/errata/RHSA-2025:14136
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2025:14418 https://access.redhat.com/errata/RHSA-2025:14418