Out-of-Bounds Access Vulnerability in Linux Kernel AD7173 Module
CVE-2025-39786

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 September 2025

What is CVE-2025-39786?

This vulnerability in the Linux kernel's AD7173 module arises from incorrect handling of channel indexing during access to the syscalib_mode attribute. The flaw exists because the address field uses a 0-based index, while the channels field may vary based on the device tree's channel configuration. As a result, this mismatch can lead to out-of-bounds access, potentially compromising system integrity and security.

Affected Version(s)

Linux 031bdc8aee01b7b298159eee541844d8bff4467d < 2def1a8691eb43654da0ae0d2fdb3722e20262a5

Linux 031bdc8aee01b7b298159eee541844d8bff4467d < 0eb8d7b25397330beab8ee62c681975b79f37223

Linux 6.14

References

https://git.kernel.org/stable/c/2def1a8691eb43654da0ae0d2...

https://git.kernel.org/stable/c/0eb8d7b25397330beab8ee62c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
Apr 16, 2025