Use After Free Vulnerability in Linux Kernel Affecting FXLS8962AF Sensor
CVE-2025-38485

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-38485?

A vulnerability in the Linux kernel has been identified within the FXLS8962AF sensor driver, specifically in the fxls8962af_fifo_flush function. This issue arises when the driver accesses the indio_dev->active_scan_mask without ensuring that the device remains in buffer mode. A potential race condition can occur if the device exits buffer mode during an interrupt that flushes the FIFO, leading to a kernel NULL pointer dereference. The resolution involves adding synchronization to ensure that no interrupt is currently running when disabling buffer mode, thus mitigating the risk associated with this vulnerability.

Affected Version(s)

Linux 79e3a5bdd9efbdf4e1069793d7735b432d641e7c < 6ecd61c201b27ad2760b3975437ad2b97d725b98

Linux 79e3a5bdd9efbdf4e1069793d7735b432d641e7c

References

https://git.kernel.org/stable/c/6ecd61c201b27ad2760b39754...

https://git.kernel.org/stable/c/dda42f23a8f5439eaac9521ce...

https://git.kernel.org/stable/c/bfcda3e1015791b3a63fb4d3a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Apr 16, 2025