Memory Corruption Vulnerability in Linux Kernel's AD4851 and AD4858 Components
CVE-2025-38133
What is CVE-2025-38133?
A vulnerability has been identified in the Linux kernel's AD4851 and AD4858 components, arising from improper pointer handling during channel parsing. An internal pointer is incremented each time a channel is populated, without a reference to the base pointer being kept. As a result, indio_dev->channels can be assigned a pointer beyond the allocated array limit, posing risks of memory corruption and undefined behavior. The fix uses explicit indexing while iterating through the channels, so that all channel metadata is set correctly and invalid memory locations are not accessed.
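The pointer-handling pattern described above, modelled in user space as an added example (not the driver's code or the upstream patch). struct chan_spec, fill_by_cursor, fill_by_index and published_offset are hypothetical names, and the channel count of 8 is a constructed value.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical user-space stand-in for a per-channel metadata entry. */
struct chan_spec { int channel; int scan_index; };

/* Flawed pattern: the only pointer to the array is advanced per channel,
 * so the value later stored as indio_dev->channels is one past the end. */
const struct chan_spec *fill_by_cursor(struct chan_spec *channels, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        channels->channel = (int)i;
        channels->scan_index = (int)i;
        channels++;              /* base reference is lost here */
    }
    return channels;             /* == base + n */
}

/* Fixed pattern: explicit indexing leaves the base pointer untouched. */
const struct chan_spec *fill_by_index(struct chan_spec *channels, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        channels[i].channel = (int)i;
        channels[i].scan_index = (int)i;
    }
    return channels;             /* == base */
}

/* Offset (in elements) of the published pointer from the allocation start.
 * Only pointer arithmetic is done; the out-of-range pointer is never read. */
ptrdiff_t published_offset(int use_index, size_t n)
{
    struct chan_spec *base = calloc(n, sizeof(*base));
    if (!base)
        return -1;
    const struct chan_spec *pub = use_index ? fill_by_index(base, n)
                                            : fill_by_cursor(base, n);
    ptrdiff_t off = pub - base;
    free(base);
    return off;
}

int main(void)
{
    printf("cursor: channels = base + %td\n", published_offset(0, 8));
    printf("index:  channels = base + %td\n", published_offset(1, 8));
    return 0;
}
```

A non-zero offset means every later read through the published pointer starts outside the allocation, which is why the fix indexes from the base instead of advancing it.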
Affected Version(s)
Linux 6250803fe2ec92be32a4df1c3a39c4a460d5bd58 < 6c3b9e1167d072ce2d01cafec7866647cf8d3616
Linux 6250803fe2ec92be32a4df1c3a39c4a460d5bd58 < 499a8cee812588905cc940837e69918c1649a19e
Linux 6.15