Invalid Memory Access in Linux Kernel's Asus EC Sensors
CVE-2025-38142

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-38142?

A vulnerability in the Linux kernel's handling of ASUS EC sensors can lead to invalid memory access when the requested sensor is not found. The function 'find_ec_sensor_index()' may return a negative value if a sensor is absent, which could subsequently cause undefined behavior when this value is passed to 'get_sensor_info()'. To mitigate this issue, a check has been added to ensure that if the sensor index is negative, an error code of -EINVAL is returned instead, enhancing system stability and security.

Affected Version(s)

Linux d0ddfd241e5719d696bc0b081e260db69d368668 < 6bf529ce84dccc0074dbc704e70aee4aa545057e

Linux d0ddfd241e5719d696bc0b081e260db69d368668 < 4e9e45746b861ebd54c03ef301da2cb8fc990536

Linux d0ddfd241e5719d696bc0b081e260db69d368668 < 19bd9cde38dd4ca1771aed7afba623e7f4247c8e

References

https://git.kernel.org/stable/c/6bf529ce84dccc0074dbc704e...

https://git.kernel.org/stable/c/4e9e45746b861ebd54c03ef30...

https://git.kernel.org/stable/c/19bd9cde38dd4ca1771aed7af...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 16, 2025