Fixed
Created: Dec 25, 2025
Updated: Dec 27, 2025
Resolved Date: Dec 25, 2025
Found In Version: 10.22.33.2
Fix Version: 10.22.33.3
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:
usb: idmouse: fix an uninit-value in idmouse_open
In idmouse_create_image, if any ftip_command fails, it will
go to the reset label. However, this leads to the data in
bulk_in_buffer[HEADER..IMGSIZE] uninitialized. And the check
for valid image incurs an uninitialized dereference.
Fix this by moving the check before reset label since this
check only be valid if the data after bulk_in_buffer[HEADER]
has concrete data.
Note that this is found by KMSAN, so only kernel compilation
is tested.
