In the Linux kernel, the following vulnerability has been resolved:
iio: imu: st_lsm6dsx: Set buffer sampling frequency for accelerometer only
The stlsm6dsxhwfifoodrstore() function, which is called when userspace
writes the buffer sampling frequency sysfs attribute, calls
stlsm6dsxcheckodr(), which accesses the odrtable array at index
sensor->id; since this array is only 2 entries long, an access for any
sensor type other than accelerometer or gyroscope is an out-of-bounds
access.
The motivation for being able to set a buffer frequency different from the sensor sampling frequency is to support use cases that need accurate event detection (which requires a high sampling frequency) while retrieving sensor data at low frequency. Since all the supported event types are generated from acceleration data only, do not create the buffer sampling frequency attribute for sensor types other than the accelerometer.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31764.json",
"cna_assigner": "Linux"
}