7.1

CVE-2025-39786

EPSS 0.02%
Veröffentlicht 11.09.2025 16:56:35
Zuletzt bearbeitet 25.11.2025 18:44:51
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ad7173: fix channels index for syscalib_mode

Fix the index used to look up the channel when accessing the
syscalib_mode attribute. The address field is a 0-based index (same
as scan_index) that it used to access the channel in the
ad7173_channels array throughout the driver. The channels field, on
the other hand, may not match the address field depending on the
channel configuration specified in the device tree and could result
in an out-of-bounds access.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.14 < 6.16.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.04

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/2def1a8691eb43654da0ae0d2fdb3722e20262a5

Patch

https://git.kernel.org/stable/c/0eb8d7b25397330beab8ee62c681975b79f37223

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-39786

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39786

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39786

EUVD