AZL-70454

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70454.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-70454

Upstream

CVE-2025-38531

Published

2025-08-16T12:15:28Z

Modified

2026-04-01T05:21:55.895575Z

Summary

CVE-2025-38531 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

iio: common: st_sensors: Fix use of uninitialize device structs

Throughout the various probe functions &indiodev->dev is used before it is initialized. This caused a kernel panic in stsensorspowerenable() when the call to devmregulatorbulkgetenable() fails and then calls deverrprobe() with the uninitialized device.

This seems to only cause a panic with deverrprobe(), deverr(), devwarn() and dev_info() don't seem to cause a panic, but are fixed as well.

The issue is reported and traced here: [1]

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38531

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70454.json"