CVE-2025-39786

11.09.2025, 17:15

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ad7173: fix channels index for syscalib_mode

Fix the index used to look up the channel when accessing the
syscalib_mode attribute. The address field is a 0-based index (same
as scan_index) that it used to access the channel in the
ad7173_channels array throughout the driver. The channels field, on
the other hand, may not match the address field depending on the
channel configuration specified in the device tree and could result
in an out-of-bounds access.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
trixie	6.12.43-1 not-affected
bookworm	6.1.148-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm (security)	6.1.147-1 fixed
trixie (security)	6.12.41-1 fixed
forky	vulnerable
sid	6.16.6-1 fixed

References

https://git.kernel.org/stable/c/0eb8d7b25397330beab8ee62c681975b79f37223

https://git.kernel.org/stable/c/2def1a8691eb43654da0ae0d2fdb3722e20262a5