CVE-2025-39687
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-05

Last updated on: 2026-03-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that ultimately user space can read, ensure we zero it.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-05
Last Modified
2026-03-17
Generated
2026-06-16
AI Q&A
2025-09-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-39687
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.10.244
linux linux_kernel 6.1.153
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's iio light as73211 driver involves uninitialized buffer holes that are copied to a kernel FIFO (kfifo) which user space can read. The issue is that these buffer holes were not zeroed out, potentially exposing unintended data. The fix ensures that these buffer holes are zeroed before being copied, preventing leakage of potentially sensitive data.

Impact Analysis

This vulnerability could lead to unintended disclosure of kernel memory contents to user space, potentially exposing sensitive information. This could be exploited by an attacker with access to the device to read data that should not be accessible, leading to privacy or security risks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39687. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart