5.5

CVE-2025-37990

wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()

The function brcmf_usb_dl_writeimage() calls the function
brcmf_usb_dl_cmd() but dose not check its return value. The
'state.state' and the 'state.bytes' are uninitialized if the
function brcmf_usb_dl_cmd() fails. It is dangerous to use
uninitialized variables in the conditions.

Add error handling for brcmf_usb_dl_cmd() to jump to error
handling path if the brcmf_usb_dl_cmd() fails and the
'state.state' and the 'state.bytes' are uninitialized.

Improve the error message to report more detailed error
information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.4 < 5.4.294
LinuxLinux Kernel Version >= 5.5 < 5.10.238
LinuxLinux Kernel Version >= 5.11 < 5.15.182
LinuxLinux Kernel Version >= 5.16 < 6.1.138
LinuxLinux Kernel Version >= 6.2 < 6.6.90
LinuxLinux Kernel Version >= 6.7 < 6.12.28
LinuxLinux Kernel Version >= 6.13 < 6.14.6
LinuxLinux Kernel Version6.15 Updaterc1
LinuxLinux Kernel Version6.15 Updaterc2
LinuxLinux Kernel Version6.15 Updaterc3
LinuxLinux Kernel Version6.15 Updaterc4
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.061
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/508be7c001437bacad7b9a43f08a723887bcd1ea
Patch
https://git.kernel.org/stable/c/524b70441baba453b193c418e3142bd31059cc1f
Patch
https://git.kernel.org/stable/c/08424a0922fb9e32a19b09d852ee87fb6c497538
Patch
https://git.kernel.org/stable/c/bdb435ef9815b1ae28eefffa01c6959d0fcf1fa7
Patch
https://git.kernel.org/stable/c/fa9b9f02212574ee1867fbefb0a675362a71b31d
Patch
https://git.kernel.org/stable/c/8e089e7b585d95122c8122d732d1d5ef8f879396
Patch
https://git.kernel.org/stable/c/62a4f2955d9a1745bdb410bf83fb16666d8865d6
Patch
https://git.kernel.org/stable/c/972bf75e53f778c78039c5d139dd47443a6d66a1
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
Third Party Advisory