Linux Kernel Vulnerability in CH9200 Network Driver
CVE-2025-38086

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 June 2025

What is CVE-2025-38086?

In the Linux kernel, a vulnerability exists within the CH9200 network driver where uninitialized memory access may occur during the execution of the mii_nway_restart() function. The vulnerability arises because the ch9200_mdio_read() function accesses a local buffer named 'buff', which is conditionally initialized. If an error condition occurs, the uninitialized 'buff' is accessed, leading to potential undefined behavior or exploitation. A solution has been implemented to check the return value from control_read() and ensure early termination on errors, mitigating the risk of this vulnerability.

Affected Version(s)

Linux 4a476bd6d1d923922ec950ddc4c27b279f6901eb < 119766de4930ff40db9f36b960cb53b0c400e81b

Linux 4a476bd6d1d923922ec950ddc4c27b279f6901eb < 33163c68d2e3061fa3935b5f0a1867958b1cdbd2

Linux 4a476bd6d1d923922ec950ddc4c27b279f6901eb < 9da3e442714f7f4393ff01c265c4959c03e88c2f

References

https://git.kernel.org/stable/c/119766de4930ff40db9f36b96...

https://git.kernel.org/stable/c/33163c68d2e3061fa3935b5f0...

https://git.kernel.org/stable/c/9da3e442714f7f4393ff01c26...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2025
Vulnerability Reserved
Apr 16, 2025