{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40189", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.177Z", "datePublished": "2025-11-12T21:56:30.575Z", "dateUpdated": "2025-11-12T21:56:30.575Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-11-12T21:56:30.575Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom\n\nSyzbot reported read of uninitialized variable BUG with following call stack.\n\nlan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout\n=====================================================\nBUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\nBUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\nBUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\n lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\n lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\n lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707\n\nLocal variable sig.i.i created at:\n lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline]\n lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\n lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\n\nThe function lan78xx_read_raw_eeprom failed to properly propagate EEPROM\nread timeout errors (-ETIMEDOUT). In the fallthrough path, it first\nattempted to restore the pin configuration for LED outputs and then\nreturned only the status of that restore operation, discarding the\noriginal timeout error.\n\nAs a result, callers could mistakenly treat the data buffer as valid\neven though the EEPROM read had actually timed out with no data or partial\ndata.\n\nTo fix this, handle errors in restoring the LED pin configuration separately.\nIf the restore succeeds, return any prior EEPROM timeout error correctly\nto the caller."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/lan78xx.c"], "versions": [{"version": "8b1b2ca83b200fa46fdfb81e80ad5fe34537e6d4", "lessThan": "a72a7c4f675080a324d4c2167bd2314d968279f1", "status": "affected", "versionType": "git"}, {"version": "8b1b2ca83b200fa46fdfb81e80ad5fe34537e6d4", "lessThan": "49bdb63ff64469a6de8ea901aef123c75be9bbe7", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/lan78xx.c"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.4", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.17.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.18-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a72a7c4f675080a324d4c2167bd2314d968279f1"}, {"url": "https://git.kernel.org/stable/c/49bdb63ff64469a6de8ea901aef123c75be9bbe7"}], "title": "net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom\n\nSyzbot reported read of uninitialized variable BUG with following call stack.\n\nlan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout\n=====================================================\nBUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\nBUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\nBUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\n lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\n lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\n lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707\n\nLocal variable sig.i.i created at:\n lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline]\n lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\n lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241\n lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\n\nThe function lan78xx_read_raw_eeprom failed to properly propagate EEPROM\nread timeout errors (-ETIMEDOUT). In the fallthrough path, it first\nattempted to restore the pin configuration for LED outputs and then\nreturned only the status of that restore operation, discarding the\noriginal timeout error.\n\nAs a result, callers could mistakenly treat the data buffer as valid\neven though the EEPROM read had actually timed out with no data or partial\ndata.\n\nTo fix this, handle errors in restoring the LED pin configuration separately.\nIf the restore succeeds, return any prior EEPROM timeout error correctly\nto the caller."}], "id": "CVE-2025-40189", "lastModified": "2025-11-14T16:42:30.503", "metrics": {}, "published": "2025-11-12T22:15:45.833", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/49bdb63ff64469a6de8ea901aef123c75be9bbe7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a72a7c4f675080a324d4c2167bd2314d968279f1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom", "id": "2414711", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414711"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom\nSyzbot reported read of uninitialized variable BUG with following call stack.\nlan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout\n=====================================================\nBUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\nBUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\nBUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\nlan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]\nlan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\nlan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241\nlan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\nlan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707\nLocal variable sig.i.i created at:\nlan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline]\nlan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]\nlan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241\nlan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766\nThe function lan78xx_read_raw_eeprom failed to properly propagate EEPROM\nread timeout errors (-ETIMEDOUT). In the fallthrough path, it first\nattempted to restore the pin configuration for LED outputs and then\nreturned only the status of that restore operation, discarding the\noriginal timeout error.\nAs a result, callers could mistakenly treat the data buffer as valid\neven though the EEPROM read had actually timed out with no data or partial\ndata.\nTo fix this, handle errors in restoring the LED pin configuration separately.\nIf the restore succeeds, return any prior EEPROM timeout error correctly\nto the caller."], "name": "CVE-2025-40189", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-11-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40189\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40189\nhttps://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40189-c4ca@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-11-13T09:52:24.862678+00:00", "updated": "2025-11-13T09:52:24.862705+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}