CVE-2025-38531

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38531

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38531.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38531

Downstream

BELL-CVE-2025-38531

DEBIAN-CVE-2025-38531

ECHO-0955-f512-a3ce

SUSE-SU-2025:03301-1

UBUNTU-CVE-2025-38531

Related

SUSE-SU-2025:03301-1

Published

2025-08-16T12:15:28Z

Modified

2025-08-30T18:01:36Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

iio: common: st_sensors: Fix use of uninitialize device structs

Throughout the various probe functions &indiodev->dev is used before it is initialized. This caused a kernel panic in stsensorspowerenable() when the call to devmregulatorbulkgetenable() fails and then calls deverrprobe() with the uninitialized device.

This seems to only cause a panic with deverrprobe(), deverr(), devwarn() and dev_info() don't seem to cause a panic, but are fixed as well.

The issue is reported and traced here: [1]

References

Affected packages