Linux Kernel Uninitialized Memory Vulnerability in RTL8712 USB Driver

A vulnerability in the Linux kernel's RTL8712 USB driver has been addressed, concerning uninitialized memory in the 'usb_read8()', 'usb_read16()', and 'usb_read32()' functions. When the 'r8712_usbctrl_vendorreq()' function returns a negative value, the 'data' variable in the read functions is left uninitialized. This issue was detected by the Kernel Memory Sanitizer (KMSAN), which reported the use of an uninitialized value in a string processing function, leading to potential information leakage through the kernel's printk logging system.

Impact

Exploitation of this vulnerability could result in the use of uninitialized memory, potentially leading to information disclosure or other unintended behavior in the kernel.

Reproduction

The vulnerability can be reproduced by loading a USB device that is managed by the RTL8712 driver. When the driver attempts to read data from the device, the 'r8712_usbctrl_vendorreq()' function may return a negative value, causing the 'data' variable in the 'usb_read8()', 'usb_read16()', and 'usb_read32()' functions to remain uninitialized. This uninitialized data can then be inadvertently logged by the kernel, demonstrating the vulnerability.