CVE-2025-40221

Linux Kernel - Information Exposure via Uninitialized Stack Data in mg4b Driver

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: media: pci: mg4b: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the `scan` structure is zeroed before use.

Scores

EPSS 0.0016
EPSS Percentile 5.6%

Details

Status published
Products (10)
linux/Kernel 6.13.0 - 6.17.4linux
linux/Kernel 6.7.0 - 6.12.54linux
Linux/Linux < 6.7
Linux/Linux 0ab13674a9bd10514486cf1670d71dbd8afec421 - b792eba44494b4e6ab5006013335f9819f303b8b
Linux/Linux 0ab13674a9bd10514486cf1670d71dbd8afec421 - b7f82da7f86479cb6479a76ebe213ece7c77398f
Linux/Linux 0ab13674a9bd10514486cf1670d71dbd8afec421 - c0d3f6969bb4d72476cfe7ea9263831f1c283704
Linux/Linux 6.12.54 - 6.12.*
Linux/Linux 6.17.4 - 6.17.*
Linux/Linux 6.18
Linux/Linux 6.7
Published Dec 04, 2025
Tracked Since Feb 18, 2026