vulnerability

Rocky Linux: CVE-2025-38086: kernel (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Oct 4, 2025	Feb 5, 2026	Feb 11, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Oct 4, 2025

Added

Feb 5, 2026

Modified

Feb 11, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ch9200: fix uninitialised access during mii_nway_restart

In mii_nway_restart() the code attempts to call
mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read()
utilises a local buffer called "buff", which is initialised
with control_read(). However "buff" is conditionally
initialised inside control_read():

if (err == size) {
memcpy(data, buf, size);
}

If the condition of "err == size" is not met, then
"buff" remains uninitialised. Once this happens the
uninitialised "buff" is accessed and returned during
ch9200_mdio_read():

return (buff[0] | buff[1] << 8);

The problem stems from the fact that ch9200_mdio_read()
ignores the return value of control_read(), leading to
uinit-access of "buff".

To fix this we should check the return value of
control_read() and return early on error.

Solutions

rocky-upgrade-bpftoolrocky-upgrade-bpftool-debuginforocky-upgrade-kernelrocky-upgrade-kernel-corerocky-upgrade-kernel-cross-headersrocky-upgrade-kernel-debugrocky-upgrade-kernel-debug-corerocky-upgrade-kernel-debug-debuginforocky-upgrade-kernel-debug-develrocky-upgrade-kernel-debug-devel-matchedrocky-upgrade-kernel-debug-modulesrocky-upgrade-kernel-debug-modules-corerocky-upgrade-kernel-debug-modules-extrarocky-upgrade-kernel-debug-uki-virtrocky-upgrade-kernel-debuginforocky-upgrade-kernel-debuginfo-common-s390xrocky-upgrade-kernel-debuginfo-common-x86_64rocky-upgrade-kernel-develrocky-upgrade-kernel-devel-matchedrocky-upgrade-kernel-headersrocky-upgrade-kernel-modulesrocky-upgrade-kernel-modules-corerocky-upgrade-kernel-modules-extrarocky-upgrade-kernel-rtrocky-upgrade-kernel-rt-corerocky-upgrade-kernel-rt-debugrocky-upgrade-kernel-rt-debug-corerocky-upgrade-kernel-rt-debug-debuginforocky-upgrade-kernel-rt-debug-develrocky-upgrade-kernel-rt-debug-kvmrocky-upgrade-kernel-rt-debug-modulesrocky-upgrade-kernel-rt-debug-modules-corerocky-upgrade-kernel-rt-debug-modules-extrarocky-upgrade-kernel-rt-debuginforocky-upgrade-kernel-rt-debuginfo-common-x86_64rocky-upgrade-kernel-rt-develrocky-upgrade-kernel-rt-kvmrocky-upgrade-kernel-rt-modulesrocky-upgrade-kernel-rt-modules-corerocky-upgrade-kernel-rt-modules-extrarocky-upgrade-kernel-toolsrocky-upgrade-kernel-tools-debuginforocky-upgrade-kernel-tools-libsrocky-upgrade-kernel-tools-libs-develrocky-upgrade-kernel-uki-virtrocky-upgrade-kernel-uki-virt-addonsrocky-upgrade-kernel-zfcpdumprocky-upgrade-kernel-zfcpdump-corerocky-upgrade-kernel-zfcpdump-debuginforocky-upgrade-kernel-zfcpdump-develrocky-upgrade-kernel-zfcpdump-devel-matchedrocky-upgrade-kernel-zfcpdump-modulesrocky-upgrade-kernel-zfcpdump-modules-corerocky-upgrade-kernel-zfcpdump-modules-extrarocky-upgrade-libperfrocky-upgrade-libperf-debuginforocky-upgrade-perfrocky-upgrade-perf-debuginforocky-upgrade-python3-perfrocky-upgrade-python3-perf-debuginforocky-upgrade-rtlarocky-upgrade-rv

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today