Uninitialized Stack Data Exposure in Linux Kernel by Vendor
CVE-2025-39690

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 5 September 2025

What is CVE-2025-39690?

In the Linux kernel, the IIO accelerometer driver for the sca3300 (iio: accel: sca3300) could expose uninitialized stack data to userspace applications. The driver did not zero out the 'channels' array before using it, so whatever the stack previously held in that array could be passed along with the data. The fix initializes the array before use, which prevents stale stack contents from leaking. The general lesson for driver development is that any stack data that can reach userspace must be initialized first.
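The bug class described above, as an added userspace model in C (not the sca3300 driver's code). The `struct scan` layout, the channel count, the partial-fill scenario and the 0xAA poison that stands in for stale stack contents are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NUM_CHANNELS 4   /* assumed channel count for this model */
#define POISON 0xAA      /* stands in for stale stack contents */

/* Hypothetical scan record handed to userspace: samples plus timestamp. */
struct scan {
    int16_t channels[NUM_CHANNELS];
    int64_t ts;
};

/* Write only the channels enabled in mask, packed from index 0.
 * zero_first selects the hardened variant that clears the array first. */
static void fill_scan(struct scan *s, unsigned mask, int zero_first)
{
    size_t i = 0;
    if (zero_first)
        memset(s->channels, 0, sizeof(s->channels));
    for (unsigned bit = 0; bit < NUM_CHANNELS; bit++)
        if (mask & (1u << bit))
            s->channels[i++] = (int16_t)(100 + bit); /* constructed sample */
    s->ts = 1; /* constructed timestamp */
}

/* Count bytes of the outgoing channels array that still hold the poison,
 * i.e. bytes the consumer would receive without the producer writing them. */
size_t leaked_bytes(unsigned mask, int zero_first)
{
    struct scan s;
    size_t n = 0;
    memset(&s, POISON, sizeof(s));   /* model a dirty stack frame */
    fill_scan(&s, mask, zero_first);
    const unsigned char *p = (const unsigned char *)s.channels;
    for (size_t k = 0; k < sizeof(s.channels); k++)
        n += (p[k] == POISON);
    return n;
}

int main(void)
{
    printf("one channel, no init:   %zu stale bytes\n", leaked_bytes(0x1, 0));
    printf("one channel, zeroed:    %zu stale bytes\n", leaked_bytes(0x1, 1));
    printf("all channels, no init:  %zu stale bytes\n", leaked_bytes(0xF, 0));
    return 0;
}
```

The unzeroed variant only looks clean when every slot happens to be written, which is why a missing initialization can pass testing with all channels enabled.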

Affected Version(s)

Linux edeb67fbbf4b59a025a27891b92a9fc07e77d2f2

Linux edeb67fbbf4b59a025a27891b92a9fc07e77d2f2 < 4e5b705cc6147f0b9173c6219079f41416bdd3c0

Linux 6.16
