CVE-2026-31764

EPSS 0.02%
Veröffentlicht 01.05.2026 14:14:55
Zuletzt bearbeitet 08.05.2026 18:04:24
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

iio: imu: st_lsm6dsx: Set buffer sampling frequency for accelerometer only

In the Linux kernel, the following vulnerability has been resolved:

iio: imu: st_lsm6dsx: Set buffer sampling frequency for accelerometer only

The st_lsm6dsx_hwfifo_odr_store() function, which is called when userspace
writes the buffer sampling frequency sysfs attribute, calls
st_lsm6dsx_check_odr(), which accesses the odr_table array at index
`sensor->id`; since this array is only 2 entries long, an access for any
sensor type other than accelerometer or gyroscope is an out-of-bounds
access.

The motivation for being able to set a buffer frequency different from the
sensor sampling frequency is to support use cases that need accurate event
detection (which requires a high sampling frequency) while retrieving
sensor data at low frequency. Since all the supported event types are
generated from acceleration data only, do not create the buffer sampling
frequency attribute for sensor types other than the accelerometer.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 7 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.19 < 6.19.12

Linux ≫ Linux Kernel Version7.0 Updaterc1

Linux ≫ Linux Kernel Version7.0 Updaterc2

Linux ≫ Linux Kernel Version7.0 Updaterc3

Linux ≫ Linux Kernel Version7.0 Updaterc4

Linux ≫ Linux Kernel Version7.0 Updaterc5

Linux ≫ Linux Kernel Version7.0 Updaterc6

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.029

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/3225a81e8d264442b14c7c1bc965ebafa3c0ee01

Patch

https://git.kernel.org/stable/c/679c04c10d65d32a3f269e696b22912ff0a001b9

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-31764

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31764

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31764

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-31764