SB2025090897 - Buffer overflow in Linux kernel iio light driver
Published: September 8, 2025
Security Bulletin ID
SB2025090897
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2025-39687)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the as73211_trigger_handler() function in drivers/iio/light/as73211.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/433b99e922943efdfd62b9a8e3ad1604838181f2
- https://git.kernel.org/stable/c/83f14c4ca1ad78fcfb3e0de07d6d8a0c59550fc2
- https://git.kernel.org/stable/c/8acd9a0eaa8c9a28e385c0a6a56bb821cb549771
- https://git.kernel.org/stable/c/99b508340d0d1b9de0856c48c77898b14c0df7cf
- https://git.kernel.org/stable/c/cce55ca4e7a221d5eb2c0b757a868eacd6344e4a
- https://git.kernel.org/stable/c/d8c5d87a431596e0e02bd7fe3bff952b002a03bb
- https://git.kernel.org/stable/c/fd441fd972067f80861a0b66605c0febb0d038dd