CVE-2025-39774
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-11

Last updated on: 2025-11-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: iio: adc: rzg2l_adc: Set driver data before enabling runtime PM When stress-testing the system by repeatedly unbinding and binding the ADC device in a loop, and the ADC is a supplier for another device (e.g., a thermal hardware block that reads temperature through the ADC), it may happen that the ADC device is runtime-resumed immediately after runtime PM is enabled, triggered by its consumer. At this point, since drvdata is not yet set and the driver's runtime PM callbacks rely on it, a crash can occur. To avoid this, set drvdata just after it was allocated.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-11
Last Modified
2025-11-25
Generated
2026-06-16
AI Q&A
2025-09-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-39774
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's rzg2l_adc driver. When the ADC device is repeatedly unbound and bound in a loop during stress testing, and the ADC supplies data to another device (like a thermal sensor), the ADC may be resumed by runtime power management before its driver data (drvdata) is set. Since the runtime PM callbacks depend on drvdata being set, this can cause a system crash. The fix involves setting the driver data immediately after allocation to prevent this issue.

Impact Analysis

This vulnerability can cause system crashes during runtime power management operations involving the ADC device, especially under stress conditions where the device is repeatedly unbound and bound. Such crashes can lead to system instability, potential data loss, or disruption of services relying on the ADC and its consumer devices.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the issue is resolved by setting the driver data (drvdata) before enabling runtime PM for the rzg2l_adc driver. Avoid stress-testing scenarios that repeatedly unbind and bind the ADC device until the fix is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39774. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart