Main Vulnerability Database SB2025122334

SB2025122334 - Use of uninitialized resource in Linux kernel dsa microchip driver

Published: December 23, 2025

Security Bulletin ID SB2025122334

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of uninitialized resource (CVE-ID: CVE-2025-68338)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ksz_setup() function in drivers/net/dsa/microchip/ksz_common.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/25b62cc5b22c45face094ae3e8717258e46d1d19
https://git.kernel.org/stable/c/32abbcf4379a0f851d7eb9d4389e7bf5c64bf6c0
https://git.kernel.org/stable/c/9428654c827fa8d38b898135d26d39ee2d544246