CVE-2025-39786
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-11-25
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's ad7173 ADC driver. It involves an incorrect index used to access channels when handling the syscalib_mode attribute. Specifically, the driver used the 'channels' field instead of the correct 0-based 'address' index to access the ad7173_channels array. Because the 'channels' field may not correspond to the 'address' field depending on device tree configuration, this could lead to out-of-bounds array access.
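The index mismatch described above, as an added example that is not the kernel driver's code: a simplified user-space model in which the struct, function names and channel values are all hypothetical and constructed. It shows why the bug stays hidden when the two fields happen to agree and how a bounds check on the 0-based index catches a bad lookup.

```c
#include <stdio.h>

/* Simplified model of the indexing bug; all names here are hypothetical. */
struct chan_spec {
    int channel; /* input number assigned by the device tree */
    int address; /* 0-based slot in the per-channel state array */
};

#define NUM_CHANNELS 3
/* Constructed configuration: three enabled channels on inputs 0, 4 and 7. */
static const struct chan_spec specs[NUM_CHANNELS] = {
    { .channel = 0, .address = 0 },
    { .channel = 4, .address = 1 },
    { .channel = 7, .address = 2 },
};

/* Per-channel calibration mode, one slot per enabled channel. */
static const int syscalib_mode[NUM_CHANNELS] = { 10, 11, 12 };

/* Index selection before and after the fix. */
static int index_by_channel(const struct chan_spec *c) { return c->channel; }
static int index_by_address(const struct chan_spec *c) { return c->address; }

/* Count the channels whose selected index falls outside the state array. */
static int count_out_of_bounds(int (*pick)(const struct chan_spec *))
{
    int bad = 0;
    for (int i = 0; i < NUM_CHANNELS; i++) {
        int idx = pick(&specs[i]);
        if (idx < 0 || idx >= NUM_CHANNELS)
            bad++;
    }
    return bad;
}

/* Bounds-checked read using the address index; returns -1 on a bad index. */
static int read_syscalib_mode(const struct chan_spec *c)
{
    int idx = index_by_address(c);
    if (idx < 0 || idx >= NUM_CHANNELS)
        return -1;
    return syscalib_mode[idx];
}

int main(void)
{
    printf("out of bounds: by channel %d, by address %d\n",
           count_out_of_bounds(index_by_channel), count_out_of_bounds(index_by_address));
    printf("mode for input 4: %d\n", read_syscalib_mode(&specs[1]));
    return 0;
}
```

With input 0 both fields agree, so a configuration that only enables low, contiguous inputs would never expose the wrong index.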
How can this vulnerability impact me?
The incorrect channel index access can cause out-of-bounds memory access in the kernel driver. This could potentially lead to system instability, crashes, or unexpected behavior in the affected device's ADC functionality. However, specific impacts such as privilege escalation or data corruption are not detailed.