{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38485", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.021Z", "datePublished": "2025-07-28T11:21:49.624Z", "dateUpdated": "2025-07-28T11:21:49.624Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-28T11:21:49.624Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush\n\nfxls8962af_fifo_flush() uses indio_dev->active_scan_mask (with\niio_for_each_active_channel()) without making sure the indio_dev\nstays in buffer mode.\nThere is a race if indio_dev exits buffer mode in the middle of the\ninterrupt that flushes the fifo. Fix this by calling\nsynchronize_irq() to ensure that no interrupt is currently running when\ndisabling buffer mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[...]\n_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290\nfxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178\nfxls8962af_interrupt from irq_thread_fn+0x1c/0x7c\nirq_thread_fn from irq_thread+0x110/0x1f4\nirq_thread from kthread+0xe0/0xfc\nkthread from ret_from_fork+0x14/0x2c"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iio/accel/fxls8962af-core.c"], "versions": [{"version": "79e3a5bdd9efbdf4e1069793d7735b432d641e7c", "lessThan": "6ecd61c201b27ad2760b3975437ad2b97d725b98", "status": "affected", "versionType": "git"}, {"version": "79e3a5bdd9efbdf4e1069793d7735b432d641e7c", "lessThan": "dda42f23a8f5439eaac9521ce0531547d880cc54", "status": "affected", "versionType": "git"}, {"version": "79e3a5bdd9efbdf4e1069793d7735b432d641e7c", "lessThan": "bfcda3e1015791b3a63fb4d3aad408da9cf76e8f", "status": "affected", "versionType": "git"}, {"version": "79e3a5bdd9efbdf4e1069793d7735b432d641e7c", "lessThan": "1803d372460aaa9ae0188a30c9421d3f157f2f04", "status": "affected", "versionType": "git"}, {"version": "79e3a5bdd9efbdf4e1069793d7735b432d641e7c", "lessThan": "1fe16dc1a2f5057772e5391ec042ed7442966c9a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iio/accel/fxls8962af-core.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.147", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.100", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.40", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.8", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.1.147"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.6.100"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.12.40"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.15.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6ecd61c201b27ad2760b3975437ad2b97d725b98"}, {"url": "https://git.kernel.org/stable/c/dda42f23a8f5439eaac9521ce0531547d880cc54"}, {"url": "https://git.kernel.org/stable/c/bfcda3e1015791b3a63fb4d3aad408da9cf76e8f"}, {"url": "https://git.kernel.org/stable/c/1803d372460aaa9ae0188a30c9421d3f157f2f04"}, {"url": "https://git.kernel.org/stable/c/1fe16dc1a2f5057772e5391ec042ed7442966c9a"}], "title": "iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush\n\nfxls8962af_fifo_flush() uses indio_dev->active_scan_mask (with\niio_for_each_active_channel()) without making sure the indio_dev\nstays in buffer mode.\nThere is a race if indio_dev exits buffer mode in the middle of the\ninterrupt that flushes the fifo. Fix this by calling\nsynchronize_irq() to ensure that no interrupt is currently running when\ndisabling buffer mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[...]\n_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290\nfxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178\nfxls8962af_interrupt from irq_thread_fn+0x1c/0x7c\nirq_thread_fn from irq_thread+0x110/0x1f4\nirq_thread from kthread+0xe0/0xfc\nkthread from ret_from_fork+0x14/0x2c"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: accel: fxls8962af: Se corrige el use-after-free en fxls8962af_fifo_flush. fxls8962af_fifo_flush() usa indio_dev->active_scan_mask (con iio_for_each_active_channel()) sin asegurarse de que indio_dev permanezca en modo b\u00fafer. Se produce una ejecuci\u00f3n si indio_dev sale del modo b\u00fafer en medio de la interrupci\u00f3n que vac\u00eda el fifo. Se corrige esto llamando a synchronize_irq() para garantizar que no haya ninguna interrupci\u00f3n en ejecuci\u00f3n al deshabilitar el modo b\u00fafer. No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 00000000 al leer [...] _find_first_bit_le de fxls8962af_fifo_flush+0x17c/0x290 fxls8962af_fifo_flush de fxls8962af_interrupt+0x80/0x178 fxls8962af_interrupt de irq_thread_fn+0x1c/0x7c irq_thread_fn de irq_thread+0x110/0x1f4 irq_thread de kthread+0xe0/0xfc kthread de ret_from_fork+0x14/0x2c"}], "id": "CVE-2025-38485", "lastModified": "2025-07-29T14:14:29.590", "metrics": {}, "published": "2025-07-28T12:15:30.487", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1803d372460aaa9ae0188a30c9421d3f157f2f04"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1fe16dc1a2f5057772e5391ec042ed7442966c9a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6ecd61c201b27ad2760b3975437ad2b97d725b98"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bfcda3e1015791b3a63fb4d3aad408da9cf76e8f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dda42f23a8f5439eaac9521ce0531547d880cc54"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush", "id": "2383895", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383895"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-38485", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38485\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38485\nhttps://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38485-3cec@gregkh/T"], "threat_severity": "Moderate"}