CVE-2025-39774
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: rzg2l_adc: Set driver data before enabling runtime PM
When stress-testing the system by repeatedly unbinding and binding the ADC device in a loop, and the ADC is a supplier for another device (e.g., a thermal hardware block that reads temperature through the ADC), it may happen that the ADC device is runtime-resumed immediately after runtime PM is enabled, triggered by its consumer. At this point, since drvdata is not yet set and the driver's runtime PM callbacks rely on it, a crash can occur. To avoid this, set drvdata just after it was allocated.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 89ee8174e8c8db0efc75b26f2307114b38d61354 < e7ce902db071a7b3e696a43d6e14ca57360deee6 | affected |
| Linux | Linux | 89ee8174e8c8db0efc75b26f2307114b38d61354 < c69e13965f26b8058f538ea8bdbd2d7718cf1fbe | affected |
| Linux | Linux | 6.14 | affected |
| Linux | Linux | 0 < 6.14 | unaffected |
| Linux | Linux | 6.16.4 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/e7ce902db071a7b3e696a43d6e14ca57360deee6
- https://git.kernel.org/stable/c/c69e13965f26b8058f538ea8bdbd2d7718cf1fbe
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.