PT-2025-28997 · Linux+6 · Linux Kernel+6

Anubis

·

Published

2025-04-09

·

Updated

2026-04-20

·

CVE-2025-38277

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains an issue where an uninitialized variable ret is used in the ecc-mxic functionality within the MTD/NAND subsystem. If ctx->steps is zero, the ECC step processing loop is skipped, leaving ret uninitialized. A subsequent check and return of this uninitialized value can lead to undefined behavior, potentially causing kernel crashes or unpredictable results in user space. This can be triggered by misconfigured geometry, ECC engine misuse, or a lack of validation for ctx->steps after initialization. The issue was discovered by the Linux Verification Center (linuxtesting.org) using SVACE.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Improper Initialization

Weakness Enumeration

CWE-908CWE-665

Related Identifiers

AZL-64973
BDU:2025-10310
CVE-2025-38277
DLA-4328-1
DSA-5973-1
ECHO-7D9E-4069-48C0
MGASA-2025-0218
MGASA-2025-0219
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu