Home

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized if the function brcmf_usb_dl_cmd() fails. It is dangerous to use uninitialized variables in the conditions. Add error handling for brcmf_usb_dl_cmd() to jump to error handling path if the brcmf_usb_dl_cmd() fails and the 'state.state' and the 'state.bytes' are uninitialized. Improve the error message to report more detailed error information.

PUBLISHED Reserved 2025-04-16 | Published 2025-05-20 | Updated 2026-05-11 | Assigner Linux

Product status

Default status
unaffected

71bb244ba2fd5390eefe4ee9054abdb3f8b05922 (git) before 972bf75e53f778c78039c5d139dd47443a6d66a1
affected

71bb244ba2fd5390eefe4ee9054abdb3f8b05922 (git) before 62a4f2955d9a1745bdb410bf83fb16666d8865d6
affected

71bb244ba2fd5390eefe4ee9054abdb3f8b05922 (git) before 508be7c001437bacad7b9a43f08a723887bcd1ea
affected

71bb244ba2fd5390eefe4ee9054abdb3f8b05922 (git) before 524b70441baba453b193c418e3142bd31059cc1f
affected

71bb244ba2fd5390eefe4ee9054abdb3f8b05922 (git) before 08424a0922fb9e32a19b09d852ee87fb6c497538
affected

71bb244ba2fd5390eefe4ee9054abdb3f8b05922 (git) before bdb435ef9815b1ae28eefffa01c6959d0fcf1fa7
affected

71bb244ba2fd5390eefe4ee9054abdb3f8b05922 (git) before fa9b9f02212574ee1867fbefb0a675362a71b31d
affected

71bb244ba2fd5390eefe4ee9054abdb3f8b05922 (git) before 8e089e7b585d95122c8122d732d1d5ef8f879396
affected

Default status
affected

3.4
affected

Any version before 3.4
unaffected

5.4.294 (semver)
unaffected

5.10.238 (semver)
unaffected

5.15.182 (semver)
unaffected

6.1.138 (semver)
unaffected

6.6.90 (semver)
unaffected

6.12.28 (semver)
unaffected

6.14.6 (semver)
unaffected

6.15 (original_commit_for_fix)
unaffected

References

lists.debian.org/debian-lts-announce/2025/10/msg00007.html

lists.debian.org/debian-lts-announce/2025/08/msg00010.html

git.kernel.org/...c/972bf75e53f778c78039c5d139dd47443a6d66a1

git.kernel.org/...c/62a4f2955d9a1745bdb410bf83fb16666d8865d6

git.kernel.org/...c/508be7c001437bacad7b9a43f08a723887bcd1ea

git.kernel.org/...c/524b70441baba453b193c418e3142bd31059cc1f

git.kernel.org/...c/08424a0922fb9e32a19b09d852ee87fb6c497538

git.kernel.org/...c/bdb435ef9815b1ae28eefffa01c6959d0fcf1fa7

git.kernel.org/...c/fa9b9f02212574ee1867fbefb0a675362a71b31d

git.kernel.org/...c/8e089e7b585d95122c8122d732d1d5ef8f879396

cve.org (CVE-2025-37990)

nvd.nist.gov (CVE-2025-37990)

Download JSON