GHSA-8RQ5-MR4Q-Q969

Vulnerability from github – Published: 2025-09-11 18:35 – Updated: 2025-11-25 21:32
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ad7173: fix channels index for syscalib_mode

Fix the index used to look up the channel when accessing the syscalib_mode attribute. The address field is a 0-based index (same as scan_index) that it used to access the channel in the ad7173_channels array throughout the driver. The channels field, on the other hand, may not match the address field depending on the channel configuration specified in the device tree and could result in an out-of-bounds access.

Severity ?
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-39786"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-11T17:15:44Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7173: fix channels index for syscalib_mode\n\nFix the index used to look up the channel when accessing the\nsyscalib_mode attribute. The address field is a 0-based index (same\nas scan_index) that it used to access the channel in the\nad7173_channels array throughout the driver. The channels field, on\nthe other hand, may not match the address field depending on the\nchannel configuration specified in the device tree and could result\nin an out-of-bounds access.",
  "id": "GHSA-8rq5-mr4q-q969",
  "modified": "2025-11-25T21:32:05Z",
  "published": "2025-09-11T18:35:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39786"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0eb8d7b25397330beab8ee62c681975b79f37223"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2def1a8691eb43654da0ae0d2fdb3722e20262a5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.