Linux Kernel asix Driver Error Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's asix driver, involving improper handling of USB read errors, has been addressed. The asix_read_cmd() function sometimes read fewer bytes than requested, which could lead to the use of uninitialized values. The fix adds sanity checks to ensure that the number of bytes read meets the requested amount, and implements the necessary error handling throughout the driver code.
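The short-read pattern described above, as an added user-space model that is not the kernel driver's code or its patch. The names mock_usb_read, read_cmd_unchecked, read_cmd_checked and read_reg16, the reply bytes, the 0xAA filler and the -ENODATA return value are all assumptions made for this illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the USB control transfer: the "device" delivers
 * at most `avail` bytes of a 2-byte reply and returns the count copied. */
static int mock_usb_read(uint8_t *buf, size_t size, size_t avail)
{
    static const uint8_t reply[2] = { 0x34, 0x12 };  /* constructed data */
    size_t n = size < avail ? size : avail;
    if (n > sizeof(reply))
        n = sizeof(reply);
    memcpy(buf, reply, n);
    return (int)n;
}

/* Pre-fix pattern: any non-negative byte count is passed up as success. */
static int read_cmd_unchecked(uint8_t *buf, size_t size, size_t avail)
{
    return mock_usb_read(buf, size, avail);
}

/* Hardened pattern: a read shorter than requested becomes an error.
 * -ENODATA is this example's choice of errno (assumption). */
static int read_cmd_checked(uint8_t *buf, size_t size, size_t avail)
{
    int ret = mock_usb_read(buf, size, avail);
    if (ret >= 0 && (size_t)ret < size)
        return -ENODATA;
    return ret;
}

typedef int (*read_fn)(uint8_t *, size_t, size_t);
/* Caller that trusts the buffer after a "successful" read. 0xAA stands in
 * for whatever stale stack bytes an uninitialized buffer would hold. */
static int read_reg16(read_fn read_cmd, size_t avail)
{
    uint8_t raw[2] = { 0xAA, 0xAA };
    int ret = read_cmd(raw, sizeof(raw), avail);
    return ret < 0 ? ret : raw[0] | (raw[1] << 8);
}

int main(void)
{
    printf("unchecked, short read: 0x%04x\n", (unsigned)read_reg16(read_cmd_unchecked, 1));
    printf("checked, short read:   %d\n", read_reg16(read_cmd_checked, 1));
}
```

With one byte delivered, the unchecked path returns a value whose high byte is the filler, while the checked path reports an error that the caller can propagate.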

Impact

The vulnerability could lead to the use of uninitialized values, which may cause undefined behavior in the driver.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.