Bug 2383895 (CVE-2025-38485) - CVE-2025-38485 kernel: iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush
Keywords:
Status: NEW
Alias: CVE-2025-38485
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-07-28 12:01 UTC by OSIDB Bzimport
Modified: 2025-07-28 16:17 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-07-28 12:01:35 UTC
In the Linux kernel, the following vulnerability has been resolved:

iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush

fxls8962af_fifo_flush() uses indio_dev->active_scan_mask (with
iio_for_each_active_channel()) without making sure the indio_dev
stays in buffer mode.
There is a race if indio_dev exits buffer mode in the middle of the
interrupt that flushes the fifo. Fix this by calling
synchronize_irq() to ensure that no interrupt is currently running when
disabling buffer mode.

Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read
[...]
_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290
fxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178
fxls8962af_interrupt from irq_thread_fn+0x1c/0x7c
irq_thread_fn from irq_thread+0x110/0x1f4
irq_thread from kthread+0xe0/0xfc
kthread from ret_from_fork+0x14/0x2c
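
The ordering problem described above, replayed deterministically in userspace C. This is an added example, not the driver's code or the upstream patch; `dev_model`, `irq_begin`, `irq_finish`, `model_synchronize_irq` and `replay_race` are hypothetical names, and the wait performed by synchronize_irq() is modelled by running the in-flight handler to completion.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model with hypothetical names; not the fxls8962af driver code. */
struct dev_model {
    unsigned long *active_scan_mask; /* only valid while in buffer mode */
    int irq_in_flight;               /* threaded handler is mid-flush */
    int faults;                      /* flushes that found the mask gone */
};

/* First half of the threaded handler: the FIFO flush has started. */
static void irq_begin(struct dev_model *d) { d->irq_in_flight = 1; }

/* Second half: the flush walks the active channels via the scan mask. */
static void irq_finish(struct dev_model *d)
{
    if (!d->irq_in_flight)
        return;
    if (d->active_scan_mask == NULL)
        d->faults++;                 /* where the kernel trace above oopses */
    d->irq_in_flight = 0;
}

/* Stand-in for synchronize_irq(): return only once no handler is running. */
static void model_synchronize_irq(struct dev_model *d) { irq_finish(d); }

/* Leaving buffer mode drops the scan mask; 'synchronize' selects the fix. */
static void buffer_disable(struct dev_model *d, int synchronize)
{
    if (synchronize)
        model_synchronize_irq(d);
    free(d->active_scan_mask);
    d->active_scan_mask = NULL;
}

/* Replay: IRQ starts, buffer mode is disabled, IRQ resumes. Returns faults. */
int replay_race(int synchronize)
{
    struct dev_model d = { NULL, 0, 0 };
    d.active_scan_mask = calloc(1, sizeof(*d.active_scan_mask));
    if (d.active_scan_mask == NULL)
        return -1;
    *d.active_scan_mask = 0x7;       /* constructed: three channels enabled */
    irq_begin(&d);
    buffer_disable(&d, synchronize);
    irq_finish(&d);
    return d.faults;
}

int main(void)
{
    printf("unsynchronized faults: %d\n", replay_race(0));
    printf("synchronized faults:   %d\n", replay_race(1));
    return 0;
}
```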

Comment 1 Avinash Hanwate 2025-07-28 16:15:35 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38485-3cec@gregkh/T

