CVE-2021-47101 - pub/scm/linux/kernel/git/sashal/vulns-desc - Git at Google

 The vulnerability is an uninitialized variable issue in the `asix_mdio_read()` function within the ASIX USB network driver. Specifically, the `asix_read_cmd()` function may read less than `sizeof(smsr)` bytes, resulting in `smsr` being left uninitialized.

 This issue was detected by the KMSAN (Kernel Memory Sanitizer) tool, which reported an "uninit-value" bug in `asix_check_host_enable()` and `asix_mdio_read()`. The bug occurs because the `smsr` variable is not initialized before it's used, leading to potential memory corruption or other unexpected behavior.

 The vulnerability was introduced in Linux kernel version 4.9 with commit `d9fe64e51114` and fixed in versions 5.15.12 with commit `d259f621c859` and 5.16 with commit `8035b1a2a37a`. The affected file is `drivers/net/usb/asix_common.c`. To mitigate this issue, it's recommended to update to the latest stable kernel version.
	The vulnerability is an uninitialized variable issue in the `asix_mdio_read()` function within the ASIX USB network driver. Specifically, the `asix_read_cmd()` function may read less than `sizeof(smsr)` bytes, resulting in `smsr` being left uninitialized.

	This issue was detected by the KMSAN (Kernel Memory Sanitizer) tool, which reported an "uninit-value" bug in `asix_check_host_enable()` and `asix_mdio_read()`. The bug occurs because the `smsr` variable is not initialized before it's used, leading to potential memory corruption or other unexpected behavior.

	The vulnerability was introduced in Linux kernel version 4.9 with commit `d9fe64e51114` and fixed in versions 5.15.12 with commit `d259f621c859` and 5.16 with commit `8035b1a2a37a`. The affected file is `drivers/net/usb/asix_common.c`. To mitigate this issue, it's recommended to update to the latest stable kernel version.