PT-2025-46746 · Linux+2 · Linux Kernel+2

Published: 2025-09-30 · Updated: 2026-02-24 · CVE-2025-40189

CVSS v2.0: 3.6 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The lan78xx_read_raw_eeprom() function did not correctly handle EEPROM read timeout errors (-ETIMEDOUT). It discarded the original timeout error and returned only the status of the subsequent LED pin configuration restore operation. Callers could therefore incorrectly assume that the data buffer was valid even when the EEPROM read had timed out, and go on to use potentially invalid data. The issue occurs within the lan78xx_read_eeprom() function, which is called by lan78xx_init_mac_address() and lan78xx_reset(). The lan78xx_bind() and lan78xx_probe() functions are also involved in the call stack.

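
The error-handling pattern described above, as a small user-space model with the lost error beside a corrected form. This is an added illustration, not the kernel driver's code; fake_dev, eeprom_read, led_restore, read_raw_eeprom_buggy, read_raw_eeprom_fixed and mac_from_eeprom are hypothetical names, and the buffer contents are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the device; not the driver's real structures. */
struct fake_dev {
    int eeprom_times_out;   /* 1: the EEPROM read never completes */
    int led_restore_status; /* status returned by the LED config restore */
};

static int eeprom_read(struct fake_dev *d, unsigned char *buf, size_t len)
{
    if (d->eeprom_times_out)
        return -ETIMEDOUT;      /* buf is left untouched */
    memset(buf, 0xA5, len);     /* constructed EEPROM contents */
    return 0;
}

static int led_restore(struct fake_dev *d) { return d->led_restore_status; }

/* Pattern from the description: the restore status overwrites the read error. */
int read_raw_eeprom_buggy(struct fake_dev *d, unsigned char *buf, size_t len)
{
    int ret = eeprom_read(d, buf, len);
    ret = led_restore(d);       /* -ETIMEDOUT is lost here */
    return ret;
}

/* Corrected pattern: the restore still runs, but the first error wins. */
int read_raw_eeprom_fixed(struct fake_dev *d, unsigned char *buf, size_t len)
{
    int ret = eeprom_read(d, buf, len);
    int restore = led_restore(d);
    return ret < 0 ? ret : restore;
}

/* Caller modelled on a MAC-address init path: trusts buf only when ret == 0. */
int mac_from_eeprom(int (*rd)(struct fake_dev *, unsigned char *, size_t),
                    struct fake_dev *d, unsigned char mac[6])
{
    unsigned char buf[6];
    memset(buf, 0xEE, sizeof(buf));  /* stand-in for stale stack contents */
    int ret = rd(d, buf, sizeof(buf));
    if (ret < 0)
        return ret;
    memcpy(mac, buf, sizeof(buf));   /* via the buggy reader this copies stale bytes */
    return 0;
}
```
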
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Weakness Enumeration

Related Identifiers

BDU:2025-14580
CVE-2025-40189
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu