CVE-2025-39774

Source
https://cve.org/CVERecord?id=CVE-2025-39774
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39774.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-39774
Downstream
Published
2025-09-11T16:56:27.505Z
Modified
2026-04-02T12:48:08.888649Z
Summary
iio: adc: rzg2l_adc: Set driver data before enabling runtime PM
Details

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: rzg2l_adc: Set driver data before enabling runtime PM

When stress-testing the system by repeatedly unbinding and binding the ADC device in a loop, and the ADC is a supplier for another device (e.g., a thermal hardware block that reads temperature through the ADC), it may happen that the ADC device is runtime-resumed immediately after runtime PM is enabled, triggered by its consumer. At this point, since drvdata is not yet set and the driver's runtime PM callbacks rely on it, a crash can occur. To avoid this, set drvdata just after it was allocated.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39774.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
89ee8174e8c8db0efc75b26f2307114b38d61354
Fixed
e7ce902db071a7b3e696a43d6e14ca57360deee6
Fixed
c69e13965f26b8058f538ea8bdbd2d7718cf1fbe

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39774.json"