Wind River Support Network

Acknowledged

LIN1022-16438 : Security Advisory - linux - CVE-2025-38229

Created: Jul 7, 2025    Updated: Jul 8, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

media: cxusb: no longer judge rbuf when the write fails

syzbot reported an uninit-value in cxusb_i2c_xfer. [1]

Only when the write operation of usb_bulk_msg() in dvb_usb_generic_rw() succeeds and rlen is greater than 0, the read operation of usb_bulk_msg() will be executed to read rlen bytes of data from the dvb device into the rbuf.

In this case, although rlen is 1, the write operation failed which resulted in the dvb read operation not being executed, and ultimately variable i was not initialized.

[1]
BUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]
BUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196
 cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]
 cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196
 __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1
 i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315
 i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343
 i2c_master_send include/linux/i2c.h:109 [inline]
 i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183
 do_loop_readv_writev fs/read_write.c:848 [inline]
 vfs_writev+0x963/0x14e0 fs/read_write.c:1057
 do_writev+0x247/0x5c0 fs/read_write.c:1101
 __do_sys_writev fs/read_write.c:1169 [inline]
 __se_sys_writev fs/read_write.c:1166 [inline]
 __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166
 x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
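
The failure mode described above, modelled in user-space C as an added example (this is not the kernel source or the upstream patch). The names fake_dev, model_generic_rw, tuner_state_unchecked and tuner_state_checked are hypothetical, and the `stale` parameter stands in for whatever the uninitialized stack variable would hold, so the effect is observable without undefined behaviour.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the USB device; write_ok selects the failing path. */
struct fake_dev { int write_ok; unsigned char reply[4]; };

/* Model of the rule in the advisory: the read into rbuf happens only when
 * the write succeeded and rlen > 0. On a failed write rbuf is never touched. */
static int model_generic_rw(struct fake_dev *d, const unsigned char *wbuf,
                            size_t wlen, unsigned char *rbuf, size_t rlen)
{
    (void)wbuf; (void)wlen;
    if (!d->write_ok)
        return -EIO;
    if (rbuf && rlen > 0)
        memcpy(rbuf, d->reply, rlen < sizeof d->reply ? rlen : sizeof d->reply);
    return 0;
}

/* Before: the caller ignores the return value and judges the read byte anyway. */
static int tuner_state_unchecked(struct fake_dev *d, unsigned char stale)
{
    unsigned char o = 1, i = stale;      /* i models the uninitialized variable */
    model_generic_rw(d, &o, 1, &i, 1);
    return i;                            /* stale data drives the decision */
}

/* After: rbuf is only judged when the transfer reported success. */
static int tuner_state_checked(struct fake_dev *d, unsigned char stale)
{
    unsigned char o = 1, i = stale;
    int ret = model_generic_rw(d, &o, 1, &i, 1);
    if (ret < 0)
        return ret;                      /* propagate the write failure */
    return i;
}

int main(void)
{
    struct fake_dev bad = { 0, { 0x01, 0, 0, 0 } };   /* write fails */
    printf("unchecked: %d\n", tuner_state_unchecked(&bad, 0xAA));
    printf("checked:   %d\n", tuner_state_checked(&bad, 0xAA));
    return 0;
}
```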

CREATE(Triage):(User=admin) [CVE-2025-38229 (https://nvd.nist.gov/vuln/detail/CVE-2025-38229)]