CVE-2025-40189
Description
In the Linux kernel, the following vulnerability has been resolved:net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eepromSyzbot reported read of uninitialized variable BUG with following call stack.lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout=====================================================BUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]BUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]BUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline] lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline] lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766 lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707Local variable sig.i.i created at: lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline] lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline] lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766The function lan78xx_read_raw_eeprom failed to properly propagate EEPROMread timeout errors (-ETIMEDOUT). In the fallthrough path, it firstattempted to restore the pin configuration for LED outputs and thenreturned only the status of that restore operation, discarding theoriginal timeout error.As a result, callers could mistakenly treat the data buffer as valideven though the EEPROM read had actually timed out with no data or partialdata.To fix this, handle errors in restoring the LED pin configuration separately.If the restore succeeds, return any prior EEPROM timeout error correctlyto the caller.
Risk Information
Associated Vulnerability
No records foundPatch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234