CVE-2025-71198
Unknown Unknown - Not Provided
Null Pointer Dereference in Linux st_lsm6dsx Sensor Event Handling

Publication date: 2026-02-04

Last updated on: 2026-02-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection The st_lsm6dsx_acc_channels array of struct iio_chan_spec has a non-NULL event_spec field, indicating support for IIO events. However, event detection is not supported for all sensors, and if userspace tries to configure accelerometer wakeup events on a sensor device that does not support them (e.g. LSM6DS0), st_lsm6dsx_write_event() dereferences a NULL pointer when trying to write to the wakeup register. Define an additional struct iio_chan_spec array whose members have a NULL event_spec field, and use this array instead of st_lsm6dsx_acc_channels for sensors without event detection capability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-04
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-71198
EUVD
EUVD-2025-206799
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
stmicroelectronics st_lsm6dsx *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's iio: imu: st_lsm6dsx driver. The issue arises because the st_lsm6dsx_acc_channels array incorrectly indicates support for IIO events via a non-NULL event_spec field, even though not all sensors support event detection.

When userspace tries to configure accelerometer wakeup events on a sensor device that does not support them (such as the LSM6DS0), the function st_lsm6dsx_write_event() attempts to write to a wakeup register by dereferencing a NULL pointer, which can cause a crash or undefined behavior.

The fix involved defining an additional array of struct iio_chan_spec with NULL event_spec fields for sensors without event detection capability and using this array instead of the original one for those sensors.

Impact Analysis

This vulnerability can cause the Linux kernel to dereference a NULL pointer when userspace configures accelerometer wakeup events on unsupported sensors. This can lead to kernel crashes or instability, potentially causing system downtime or denial of service.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71198. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart