CVE-2025-38485
published 2025-07-28CVE-2025-38485: In the Linux kernel, the following vulnerability has been resolved: iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush fxls8962af_fifo_flush()…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In the Linux kernel, the following vulnerability has been resolved:
iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush
fxls8962af_fifo_flush() uses indio_dev->active_scan_mask (with
iio_for_each_active_channel()) without making sure the indio_dev
stays in buffer mode.
There is a race if indio_dev exits buffer mode in the middle of the
interrupt that flushes the fifo. Fix this by calling
synchronize_irq() to ensure that no interrupt is currently running when
disabling buffer mode.
Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read
[...]
_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290
fxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178
fxls8962af_interrupt from irq_thread_fn+0x1c/0x7c
irq_thread_fn from irq_thread+0x110/0x1f4
irq_thread from kthread+0xe0/0xfc
kthread from ret_from_fork+0x14/0x2c
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 79e3a5bdd9efbdf4e1069793d7735b432d641e7c < 6ecd61c201b27ad2760b3975437ad2b97d725b98 | 6ecd61c201b27ad2760b3975437ad2b97d725b98 |
| linux | linux | >= 79e3a5bdd9efbdf4e1069793d7735b432d641e7c < dda42f23a8f5439eaac9521ce0531547d880cc54 | dda42f23a8f5439eaac9521ce0531547d880cc54 |
| linux | linux | >= 79e3a5bdd9efbdf4e1069793d7735b432d641e7c < bfcda3e1015791b3a63fb4d3aad408da9cf76e8f | bfcda3e1015791b3a63fb4d3aad408da9cf76e8f |
| linux | linux | >= 79e3a5bdd9efbdf4e1069793d7735b432d641e7c < 1803d372460aaa9ae0188a30c9421d3f157f2f04 | 1803d372460aaa9ae0188a30c9421d3f157f2f04 |
| linux | linux | >= 79e3a5bdd9efbdf4e1069793d7735b432d641e7c < 1fe16dc1a2f5057772e5391ec042ed7442966c9a | 1fe16dc1a2f5057772e5391ec042ed7442966c9a |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.41-1 | 6.12.41-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 5.14 < 6.1.147 | 6.1.147 |
| linux | linux_kernel | >= 6.13 < 6.15.8 | 6.15.8 |
| linux | linux_kernel | >= 6.2 < 6.6.100 | 6.6.100 |
| linux | linux_kernel | >= 6.7 < 6.12.40 | 6.12.40 |
| msrc | azl3_kernel_6.6.96.2-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.96.2-2_on_azure_linux_3.0 | — | — |
| msrc | cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.200.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.202.1-1_on_cbl_mariner_2.0 | — | — |
| ubuntu | linux-aws | — | — |
| ubuntu | linux-aws-6.8 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH