DEBIAN-CVE-2025-40189

Source
https://security-tracker.debian.org/tracker/CVE-2025-40189
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-40189.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-40189
Upstream
Published
2025-11-12T22:15:45.833Z
Modified
2025-11-21T03:14:48.130339Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xxreadraweeprom Syzbot reported read of uninitialized variable BUG with following call stack. lan78xx 8-1:1.0 (unnamed netdevice) (uninitialized): EEPROM read operation timeout ===================================================== BUG: KMSAN: uninit-value in lan78xxreadeeprom drivers/net/usb/lan78xx.c:1095 [inline] BUG: KMSAN: uninit-value in lan78xxinitmacaddress drivers/net/usb/lan78xx.c:1937 [inline] BUG: KMSAN: uninit-value in lan78xxreset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xxreadeeprom drivers/net/usb/lan78xx.c:1095 [inline] lan78xxinitmacaddress drivers/net/usb/lan78xx.c:1937 [inline] lan78xxreset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xxbind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766 lan78xxprobe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707 Local variable sig.i.i created at: lan78xxreadeeprom drivers/net/usb/lan78xx.c:1092 [inline] lan78xxinitmacaddress drivers/net/usb/lan78xx.c:1937 [inline] lan78xxreset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xxbind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766 The function lan78xxreadraweeprom failed to properly propagate EEPROM read timeout errors (-ETIMEDOUT). In the fallthrough path, it first attempted to restore the pin configuration for LED outputs and then returned only the status of that restore operation, discarding the original timeout error. As a result, callers could mistakenly treat the data buffer as valid even though the EEPROM read had actually timed out with no data or partial data. To fix this, handle errors in restoring the LED pin configuration separately. If the restore succeeds, return any prior EEPROM timeout error correctly to the caller.

References

Affected packages

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.17.6-1

Affected versions

6.*
6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1
6.12.43-1
6.12.48-1
6.12.57-1~bpo12+1
6.12.57-1
6.13~rc6-1~exp1
6.13~rc7-1~exp1
6.13.2-1~exp1
6.13.3-1~exp1
6.13.4-1~exp1
6.13.5-1~exp1
6.13.6-1~exp1
6.13.7-1~exp1
6.13.8-1~exp1
6.13.9-1~exp1
6.13.10-1~exp1
6.13.11-1~exp1
6.14.3-1~exp1
6.14.5-1~exp1
6.14.6-1~exp1
6.15~rc7-1~exp1
6.15-1~exp1
6.15.1-1~exp1
6.15.2-1~exp1
6.15.3-1~exp1
6.15.4-1~exp1
6.15.5-1~exp1
6.15.6-1~exp1
6.16~rc7-1~exp1
6.16-1~exp1
6.16.1-1~exp1
6.16.3-1~bpo13+1
6.16.3-1
6.16.5-1
6.16.6-1
6.16.7-1
6.16.8-1
6.16.9-1
6.16.10-1
6.16.11-1
6.16.12-1
6.16.12-2
6.17.2-1~exp1
6.17.5-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-40189.json"