Wind River Support Network

Acknowledged

LIN1023-13959 : Security Advisory - linux - CVE-2025-38277

Created: Jul 10, 2025    Updated: Jul 14, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

mtd: nand: ecc-mxic: Fix use of uninitialized variable ret

If ctx->steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined behavior and may cause unpredictable results in user space or kernel crashes.

This scenario can be triggered in edge cases such as misconfigured geometry, ECC engine misuse, or if ctx->steps is not validated after initialization.

Initialize ret to zero before the loop to ensure correct and safe behavior regardless of the ctx->steps value.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
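The pattern described above, reduced to a stand-alone C model. This is an added example, not the ecc-mxic driver source: `struct ecc_ctx`, `process_step`, the `finish_io_*` functions and the sample data are hypothetical names and constructed values. The pre-fix form sits under `SHOW_BUGGY` so it is not compiled by default.

```c
#include <errno.h>
#include <stdio.h>
/* Hypothetical stand-in for the driver's per-request ECC context. */
struct ecc_ctx {
    unsigned int steps;       /* number of ECC steps in the request */
    const int *step_status;   /* constructed per-step results: 0 or -errno */
};

/* Constructed sample inputs: zero steps, all steps pass, second step fails. */
static const int sample_ok[] = { 0, 0, 0 };
static const int sample_fail[] = { 0, -EIO, 0 };
static const struct ecc_ctx ctx_zero = { 0, NULL }, ctx_ok = { 3, sample_ok },
                            ctx_fail = { 3, sample_fail };

/* Hypothetical per-step worker: 0 on success, negative errno on failure. */
static int process_step(const struct ecc_ctx *ctx, unsigned int i)
{
    return ctx->step_status[i];
}
#ifdef SHOW_BUGGY
/* Pre-fix pattern: ret is only ever written inside the loop body. */
static int finish_io_buggy(const struct ecc_ctx *ctx)
{
    int ret;                  /* indeterminate when ctx->steps == 0 */
    for (unsigned int i = 0; i < ctx->steps; i++) {
        ret = process_step(ctx, i);
        if (ret)
            break;
    }
    return ret;               /* undefined behavior if the loop was skipped */
}
#endif
/* Fixed pattern: ret starts at zero, so a skipped loop reports success. */
static int finish_io_fixed(const struct ecc_ctx *ctx)
{
    int ret = 0;
    for (unsigned int i = 0; i < ctx->steps; i++) {
        ret = process_step(ctx, i);
        if (ret)
            break;
    }
    return ret;
}

int main(void)
{
    printf("zero=%d ok=%d fail=%d\n", finish_io_fixed(&ctx_zero),
           finish_io_fixed(&ctx_ok), finish_io_fixed(&ctx_fail));
    return 0;
}
```

Building the pre-fix variant with `-DSHOW_BUGGY -Wall -O2` lets the compiler's uninitialized-variable warnings and static analyzers be checked against this pattern.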

CREATE(Triage):(User=admin) CVE-2025-38277 (https://nvd.nist.gov/vuln/detail/CVE-2025-38277)