In the Linux kernel, following vulnerability has been resolved: net: usb: aqc111: fix error handling of usbnet read calls Syzkaller, courtesy syzbot, identified an (see report [1]) in aqc111 driver, caused by incomplete sanitation usb calls' results. This problem is quite similar to one fixed in commit 920a9fa27e78 ("net: asix: add proper errors"). For instance, usbnet_read_cmd() may fewer than 'size' bytes, even if caller expected full amount, and aqc111_read_cmd() will not check its result properly. As [1] shows, this lead to MAC address aqc111_bind() being only partly initialized, triggering KMSAN warnings. Fix issue verifying that number bytes is as less. [1] Partial syzbot report: BUG: KMSAN: uninit-value is_valid_ether_addr include/linux/etherdevice.h:208 [inline] BUG: usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830 [inline] usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:-1 really_probe+0x4d1/0xd90 drivers/base/dd.c:658 __driver_probe_device+0x268/0x380 drivers/base/dd.c:800 ... Uninit was stored memory at: dev_addr_mod+0xb0/0x550 net/core/dev_addr_lists.c:582 __dev_addr_set include/linux/netdevice.h:4874 eth_hw_addr_set include/linux/etherdevice.h:325 aqc111_bind+0x35f/0x1150 drivers/net/usb/aqc111.c:717 usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772 drivers/usb/core/driver.c:396 ... Uninit ether_addr_copy include/linux/etherdevice.h:305 aqc111_read_perm_mac drivers/net/usb/aqc111.c:663 aqc111_bind+0x794/0x1150 drivers/net/usb/aqc111.c:713 [inline] ... Local variable buf.i created drivers/net/usb/aqc111.c:656 aqc111_bind+0x221/0x1150 drivers/net/usb/usbnet.c:1772