CVE-2025-38531

Throughout the various probe functions &indiodev->dev is used before it is initialized. This caused a kernel panic in stsensorspowerenable() when the call to devmregulatorbulkgetenable() fails and then calls deverrprobe() with the uninitialized device.

This seems to only cause a panic with deverrprobe(), deverr(), devwarn() and dev_info() don't seem to cause a panic, but are fixed as well.

The issue is reported and traced here: [1]

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38531.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

4dff754876959b3f3b354800089bc8aaa3ec1d95

Fixed

f9d4b618f1b9e6d760cc7c15052b92f7faf47201

Fixed

610615c9668037e3eca11132063b93b2d945af13

Fixed

3297a9016a45144883ec990bd4bd5b1d79cafb46

Fixed

9f92e93e257b33e73622640a9205f8642ec16ddd

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38531.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.6.136

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.40

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.15.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38531.json"