CVE-2025-38133

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-38133
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad4851: fix ad4858 chan pointer handling The pointer returned from ad4851_parse_channels_common() is incremented internally as each channel is populated. In ad4858_parse_channels(), the same pointer was further incremented while setting ext_scan_type fields for each channel. This resulted in indio_dev->channels being set to a pointer past the end of the allocated array, potentially causing memory corruption or undefined behavior. Fix this by iterating over the channels using an explicit index instead of incrementing the pointer. This preserves the original base pointer and ensures all channel metadata is set correctly.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/499a8cee812588905cc940837e69918c1649a19e Patch
https://git.kernel.org/stable/c/6c3b9e1167d072ce2d01cafec7866647cf8d3616 Patch
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

20 Nov 2025, 20:11

Type Values Removed Values Added
CWE CWE-787
First Time Linux
Linux linux Kernel
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/499a8cee812588905cc940837e69918c1649a19e - () https://git.kernel.org/stable/c/499a8cee812588905cc940837e69918c1649a19e - Patch
References () https://git.kernel.org/stable/c/6c3b9e1167d072ce2d01cafec7866647cf8d3616 - () https://git.kernel.org/stable/c/6c3b9e1167d072ce2d01cafec7866647cf8d3616 - Patch
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: adc: ad4851: corrección del manejo del puntero de canal ad4858. El puntero devuelto por ad4851_parse_channels_common() se incrementa internamente a medida que se rellena cada canal. En ad4858_parse_channels(), el mismo puntero se incrementó aún más al configurar los campos ext_scan_type para cada canal. Esto provocó que indio_dev->channels se configurara en un puntero más allá del final de la matriz asignada, lo que podría causar corrupción de memoria o un comportamiento indefinido. Corrija esto iterando sobre los canales utilizando un índice explícito en lugar de incrementar el puntero. Esto preserva el puntero base original y garantiza que todos los metadatos del canal se configuren correctamente.

03 Jul 2025, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-03 09:15

Updated : 2025-11-20 20:11

NVD link : CVE-2025-38133

Mitre link : CVE-2025-38133

CVE.ORG link : CVE-2025-38133

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-787

Out-of-bounds Write