CVE-2025-38133
- Source
- https://cve.org/CVERecord?id=CVE-2025-38133
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38133.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38133
- Downstream
- Published
- 2025-07-03T08:35:36.802Z
- Modified
- 2026-04-02T12:47:49.318288Z
- Summary
- iio: adc: ad4851: fix ad4858 chan pointer handling
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: ad4851: fix ad4858 chan pointer handling
The pointer returned from ad4851parsechannelscommon() is incremented internally as each channel is populated. In ad4858parsechannels(), the same pointer was further incremented while setting extscantype fields for each channel. This resulted in indiodev->channels being set to a pointer past the end of the allocated array, potentially causing memory corruption or undefined behavior.
Fix this by iterating over the channels using an explicit index instead of incrementing the pointer. This preserves the original base pointer and ensures all channel metadata is set correctly.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38133.json" }- References
-
- https://git.kernel.org/stable/c/499a8cee812588905cc940837e69918c1649a19e
- https://git.kernel.org/stable/c/6c3b9e1167d072ce2d01cafec7866647cf8d3616
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38133.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38133
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git