Buffer Vulnerability in Linux Kernel Affecting IIO Light Driver Products
CVE-2025-39687
Currently unrated
What is CVE-2025-39687?
A vulnerability has been identified in the Linux kernel's IIO light driver for the as73211 sensor: holes in the buffer were not zeroed before the buffer was copied to a kernel FIFO (kfifo) that is accessible from user space. As a result, stale data retained in memory could be exposed to unauthorized users. The issue is one of memory hygiene: a buffer must be fully initialized, holes included, before it is exposed to user space.
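The pattern described above, as an added user-space illustration in C (not the kernel driver's code): a buffer with an alignment hole is copied out whole, once without and once with zeroing first. The struct layout, the 0xAA stale marker and all function names are assumptions constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical scan layout (assumption, not the driver's struct): 6 bytes of
 * channel data, then a 2-byte hole so the timestamp is 8-byte aligned. */
struct scan {
    uint16_t chan[3];
    _Alignas(8) int64_t ts;
};

#define STALE 0xAA /* constructed marker standing in for leftover memory */
#define HOLE_START (offsetof(struct scan, chan) + sizeof(uint16_t[3]))
#define HOLE_END   offsetof(struct scan, ts)

/* Build one sample in a buffer that still holds old contents, then copy the
 * whole buffer out, as a push to a user-readable FIFO would. */
static void push_sample(unsigned char *out, const uint16_t chan[3],
                        int64_t ts, int zero_first)
{
    unsigned char raw[sizeof(struct scan)];

    memset(raw, STALE, sizeof(raw));      /* simulate stale memory */
    if (zero_first)
        memset(raw, 0, sizeof(raw));      /* hardened: clear holes too */
    memcpy(raw + offsetof(struct scan, chan), chan, sizeof(uint16_t[3]));
    memcpy(raw + offsetof(struct scan, ts), &ts, sizeof(ts));
    memcpy(out, raw, sizeof(raw));        /* every byte leaves, holes included */
}

/* Number of stale bytes a reader would receive from the hole. */
size_t leaked_hole_bytes(int zero_first)
{
    const uint16_t chan[3] = { 100, 200, 300 }; /* constructed sample values */
    unsigned char out[sizeof(struct scan)];
    size_t n = 0;

    push_sample(out, chan, 1700000000, zero_first);
    for (size_t i = HOLE_START; i < HOLE_END; i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("unzeroed: %zu stale bytes\n", leaked_hole_bytes(0));
    printf("zeroed:   %zu stale bytes\n", leaked_hole_bytes(1));
    return 0;
}
```

Setting only the named fields never touches the hole, so clearing the whole buffer before filling it is what keeps old memory contents out of the copy.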
Affected Version(s)
Linux 403e5586b52e466893ce3a7b7f3a3ecdc4c82d3e
Linux 403e5586b52e466893ce3a7b7f3a3ecdc4c82d3e < 83f14c4ca1ad78fcfb3e0de07d6d8a0c59550fc2