What is CVE-2025-40189?

CVE-2025-40189 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.14 onward and patched in 6.17.4 and 6.18. CVE-2025-40189 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40189?

CVE-2025-40189 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40189?

Yes, CVE-2025-40189 has been patched. Fixed versions include 6.17.4 and 6.18. If you are running Linux kernel 6.14 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40189 actively exploited?

CVE-2025-40189 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40189

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom Syzbot reported read of uninitialized variable BUG with following call stack. lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout ===================================================== BUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline] BUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline] BUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline] lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline] lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766 lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707 Local variable sig.i.i created at: lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline] lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline] lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766 The function lan78xx_read_raw_eeprom failed to properly propagate EEPROM read timeout errors (-ETIMEDOUT). In the fallthrough path, it first attempted to restore the pin configuration for LED outputs and then returned only the status of that restore operation, discarding the original timeout error. As a result, callers could mistakenly treat the data buffer as valid even though the EEPROM read had actually timed out with no data or partial data. To fix this, handle errors in restoring the LED pin configuration separately. If the restore succeeds, return any prior EEPROM timeout error correctly to the caller.

Package Linux Kernel

Published 2025-11-12

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 6.14 and later are affected. Fixed in 6.17.4, 6.18 and their respective stable series.

Affected from

≥ 6.14

Fixed in

✓ 6.17.4 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-40189 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/49bdb63ff64469a6de8ea901aef123c75be9bbe7
Patch
Kernel patch commit
https://git.kernel.org/stable/c/a72a7c4f675080a324d4c2167bd2314d968279f1
Patch

Frequently asked questions

What is CVE-2025-40189?

CVE-2025-40189 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.14 onward and has been patched in 6.17.4 and 6.18. CVE-2025-40189 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40189?

Yes — CVE-2025-40189 has been patched. Fixed versions include 6.17.4 and 6.18. If you are running Linux kernel 6.14 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40189 actively exploited?

No — CVE-2025-40189 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.