CVE-2025-71198
Null Pointer Dereference in Linux st_lsm6dsx Sensor Event Handling
Publication date: 2026-02-04
Last updated on: 2026-02-04
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| stmicroelectronics | st_lsm6dsx | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's iio: imu: st_lsm6dsx driver. The issue arises because the st_lsm6dsx_acc_channels array incorrectly indicates support for IIO events via a non-NULL event_spec field, even though not all sensors support event detection.
When userspace tries to configure accelerometer wakeup events on a sensor device that does not support them (such as the LSM6DS0), the function st_lsm6dsx_write_event() attempts to write to a wakeup register by dereferencing a NULL pointer, which can cause a crash or undefined behavior.
The fix involved defining an additional array of struct iio_chan_spec with NULL event_spec fields for sensors without event detection capability and using this array instead of the original one for those sensors.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to dereference a NULL pointer when userspace configures accelerometer wakeup events on unsupported sensors. This can lead to kernel crashes or instability, potentially causing system downtime or denial of service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know