fkie_cve-2025-38485
Vulnerability from fkie_nvd
Published: 2025-07-28 12:15
Modified: 2025-07-29 14:14
Summary
In the Linux kernel, the following vulnerability has been resolved:

iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush

fxls8962af_fifo_flush() uses indio_dev->active_scan_mask (with iio_for_each_active_channel()) without making sure the indio_dev stays in buffer mode. There is a race if indio_dev exits buffer mode in the middle of the interrupt that flushes the fifo. Fix this by calling synchronize_irq() to ensure that no interrupt is currently running when disabling buffer mode.

Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read
[...]
_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290
fxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178
fxls8962af_interrupt from irq_thread_fn+0x1c/0x7c
irq_thread_fn from irq_thread+0x110/0x1f4
irq_thread from kthread+0xe0/0xfc
kthread from ret_from_fork+0x14/0x2c
{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush\n\nfxls8962af_fifo_flush() uses indio_dev-\u003eactive_scan_mask (with\niio_for_each_active_channel()) without making sure the indio_dev\nstays in buffer mode.\nThere is a race if indio_dev exits buffer mode in the middle of the\ninterrupt that flushes the fifo. Fix this by calling\nsynchronize_irq() to ensure that no interrupt is currently running when\ndisabling buffer mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[...]\n_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290\nfxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178\nfxls8962af_interrupt from irq_thread_fn+0x1c/0x7c\nirq_thread_fn from irq_thread+0x110/0x1f4\nirq_thread from kthread+0xe0/0xfc\nkthread from ret_from_fork+0x14/0x2c"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: accel: fxls8962af: Se corrige el use-after-free en fxls8962af_fifo_flush. fxls8962af_fifo_flush() usa indio_dev-\u0026gt;active_scan_mask (con iio_for_each_active_channel()) sin asegurarse de que indio_dev permanezca en modo b\u00fafer. Se produce una ejecuci\u00f3n si indio_dev sale del modo b\u00fafer en medio de la interrupci\u00f3n que vac\u00eda el fifo. Se corrige esto llamando a synchronize_irq() para garantizar que no haya ninguna interrupci\u00f3n en ejecuci\u00f3n al deshabilitar el modo b\u00fafer. No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 00000000 al leer [...] _find_first_bit_le de fxls8962af_fifo_flush+0x17c/0x290 fxls8962af_fifo_flush de fxls8962af_interrupt+0x80/0x178 fxls8962af_interrupt de irq_thread_fn+0x1c/0x7c irq_thread_fn de irq_thread+0x110/0x1f4 irq_thread de kthread+0xe0/0xfc kthread de ret_from_fork+0x14/0x2c"
    }
  ],
  "id": "CVE-2025-38485",
  "lastModified": "2025-07-29T14:14:29.590",
  "metrics": {},
  "published": "2025-07-28T12:15:30.487",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1803d372460aaa9ae0188a30c9421d3f157f2f04"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1fe16dc1a2f5057772e5391ec042ed7442966c9a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6ecd61c201b27ad2760b3975437ad2b97d725b98"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bfcda3e1015791b3a63fb4d3aad408da9cf76e8f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/dda42f23a8f5439eaac9521ce0531547d880cc54"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

