AZL-67022

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67022.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-67022

Upstream

CVE-2025-39719

Published

2025-09-05T18:15:49Z

Modified

2026-04-01T05:21:06.489855Z

Summary

CVE-2025-39719 affecting package kernel for versions less than 6.6.104.2-1

Details

In the Linux kernel, the following vulnerability has been resolved:

iio: imu: bno055: fix OOB access of hw_xlate array

Fix a potential out-of-bounds array access of the hw_xlate array in bno055.c.

In bno055getregmask(), hwxlate was iterated over the length of the vals array instead of the length of the hwxlate array. In the case of bno055gyrscale, the vals array is larger than the hwxlate array, so this could result in an out-of-bounds access. In practice, this shouldn't happen though because a match should always be found which breaks out of the for loop before it iterates beyond the end of the hwxlate array.

By adding a new hwxlatelen field to the bno055sysfsattr, we can be sure we are iterating over the correct length.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-39719

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.104.2-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67022.json"