Description

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in usb_read8() and friends When r8712_usbctrl_vendorreq() returns negative, 'data' in usb_read{8,16,32} will not be initialized. BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline] BUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725 string_nocheck lib/vsprintf.c:643 [inline] string+0x4ec/0x6f0 lib/vsprintf.c:725 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806 va_format lib/vsprintf.c:1704 [inline] pointer+0x18e6/0x1f70 lib/vsprintf.c:2443 vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810 vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158 vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256 dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604 dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615 __dev_printk+0x3be/0x440 drivers/base/core.c:4627 _dev_info+0x1ea/0x22f drivers/base/core.c:4673 r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401 usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396 really_probe+0x6c7/0x1350 drivers/base/dd.c:621 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 driver_probe_device drivers/base/dd.c:782 [inline] __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 __device_attach+0x593/0x8e0 drivers/base/dd.c:970 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 device_add+0x1fff/0x26e0 drivers/base/core.c:3405 usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238 usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293 really_probe+0x6c7/0x1350 drivers/base/dd.c:621 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 driver_probe_device drivers/base/dd.c:782 [inline] __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 __device_attach+0x593/0x8e0 drivers/base/dd.c:970 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 device_add+0x1fff/0x26e0 drivers/base/core.c:3405 usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566 hub_port_connect drivers/usb/core/hub.c:5363 [inline] hub_port_connect_change drivers/usb/core/hub.c:5507 [inline] port_event drivers/usb/core/hub.c:5665 [inline] hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289 worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436 kthread+0x3c7/0x500 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 Local variable data created at: usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33 r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29 KMSAN: uninit-value in r871xu_drv_init https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8

Metrics

 

CVSS Version 4.0 CVSS Version 3.x CVSS Version 2.0

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score:  5.5 MEDIUM

Vector:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Hyperlink	Resource
https://git.kernel.org/stable/c/33ef21d55418ab6a62a63fd550b2dbe297433372	Patch
https://git.kernel.org/stable/c/58762f1c63c75cbe1dc393eed3c9cf8e38310ca1	Patch
https://git.kernel.org/stable/c/95b0f54f8a898072a2810c05fab34d971f23a612	Patch
https://git.kernel.org/stable/c/d1b57669732d09da7e13ef86d058dab0cd57f6e0	Patch
https://git.kernel.org/stable/c/d7ed3c85da0b230bcdf5329acfe012ed093f3daa	Patch
https://git.kernel.org/stable/c/de075af8c404f7d59ed34df230aedd9f645fb846	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-908	Use of Uninitialized Resource	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Initial Analysis by NIST 4/14/2025 4:08:57 PM

Action	Type	Old Value	New Value
Added	CVSS V3.1		AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE		CWE-908
Added	CPE Configuration		Record truncated, showing 500 of 544 characters. View Entire Change Record OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.18 up to (excluding) 5.18.4 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 5.17.15 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.47 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.122 *cpe:2.3:o:linux:linux_kernel:*:*:*:
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/33ef21d55418ab6a62a63fd550b2dbe297433372 Types: Patch
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/58762f1c63c75cbe1dc393eed3c9cf8e38310ca1 Types: Patch
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/95b0f54f8a898072a2810c05fab34d971f23a612 Types: Patch
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/d1b57669732d09da7e13ef86d058dab0cd57f6e0 Types: Patch
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/d7ed3c85da0b230bcdf5329acfe012ed093f3daa Types: Patch
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/de075af8c404f7d59ed34df230aedd9f645fb846 Types: Patch

New CVE Received from kernel.org 2/26/2025 2:01:06 AM

Action	Type	Old Value	New Value
Added	Description		Record truncated, showing 500 of 2962 characters. View Entire Change Record In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in usb_read8() and friends When r8712_usbctrl_vendorreq() returns negative, 'data' in usb_read{8,16,32} will not be initialized. BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline] BUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725 string_nocheck lib/vsprintf.c:643 [inline] string+0x4ec/0x6f0 lib/vsprintf.c:725 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806
Added	Reference		https://git.kernel.org/stable/c/33ef21d55418ab6a62a63fd550b2dbe297433372
Added	Reference		https://git.kernel.org/stable/c/58762f1c63c75cbe1dc393eed3c9cf8e38310ca1
Added	Reference		https://git.kernel.org/stable/c/95b0f54f8a898072a2810c05fab34d971f23a612
Added	Reference		https://git.kernel.org/stable/c/d1b57669732d09da7e13ef86d058dab0cd57f6e0
Added	Reference		https://git.kernel.org/stable/c/d7ed3c85da0b230bcdf5329acfe012ed093f3daa
Added	Reference		https://git.kernel.org/stable/c/de075af8c404f7d59ed34df230aedd9f645fb846