CVE-2025-38277
published 2025-07-10CVE-2025-38277: In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx->steps is zero, the loop…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
mtd: nand: ecc-mxic: Fix use of uninitialized variable ret
If ctx->steps is zero, the loop processing ECC steps is skipped,
and the variable ret remains uninitialized. It is later checked
and returned, which leads to undefined behavior and may cause
unpredictable results in user space or kernel crashes.
This scenario can be triggered in edge cases such as misconfigured
geometry, ECC engine misuse, or if ctx->steps is not validated
after initialization.
Initialize ret to zero before the loop to ensure correct and safe
behavior regardless of the ctx->steps value.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 48e6633a9fa2400b53a964358753769f291a7eb0 < 4d9d6e4be09472aa72953caca3dbefdc27846170 | 4d9d6e4be09472aa72953caca3dbefdc27846170 |
| linux | linux | >= 48e6633a9fa2400b53a964358753769f291a7eb0 < a0d9d9b5a4634e146ae41cb25667322e5c7d74d2 | a0d9d9b5a4634e146ae41cb25667322e5c7d74d2 |
| linux | linux | >= 48e6633a9fa2400b53a964358753769f291a7eb0 < 7a23cc510ecaabab4f6df7e9d910d16e279b72ad | 7a23cc510ecaabab4f6df7e9d910d16e279b72ad |
| linux | linux | >= 48e6633a9fa2400b53a964358753769f291a7eb0 < 49482f4a39620f6afedcd3f6aa9e0d558b6a460b | 49482f4a39620f6afedcd3f6aa9e0d558b6a460b |
| linux | linux | >= 48e6633a9fa2400b53a964358753769f291a7eb0 < d95846350aac72303036a70c4cdc69ae314aa26d | d95846350aac72303036a70c4cdc69ae314aa26d |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.35-1 | 6.12.35-1 |
| linux | linux_kernel | >= 0 < 6.12.35-1 | 6.12.35-1 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 5.18 < 6.1.142 | 6.1.142 |
| linux | linux_kernel | >= 6.13 < 6.15.3 | 6.15.3 |
| linux | linux_kernel | >= 6.2 < 6.6.94 | 6.6.94 |
| linux | linux_kernel | >= 6.7 < 6.12.34 | 6.12.34 |
| msrc | azl3_kernel_6.6.92.2-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.96.1-1_on_azure_linux_3.0 | — | — |
| ubuntu | linux-aws | — | — |
| ubuntu | linux-aws-6.8 | — | — |
| ubuntu | linux-gkeop | — | — |
| ubuntu | linux-nvidia | — | — |
| ubuntu | linux-nvidia-6.8 | — | — |
| ubuntu | linux-oracle | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM