CVE-2025-38531

{"id": "CVE-2025-38531", "cveTags": [], "metrics": {}, "published": "2025-08-16T12:15:28.693", "references": [{"url": "https://git.kernel.org/stable/c/3297a9016a45144883ec990bd4bd5b1d79cafb46", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/610615c9668037e3eca11132063b93b2d945af13", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9f92e93e257b33e73622640a9205f8642ec16ddd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: common: st_sensors: Fix use of uninitialize device structs\n\nThroughout the various probe functions &indio_dev->dev is used before it\nis initialized. This caused a kernel panic in st_sensors_power_enable()\nwhen the call to devm_regulator_bulk_get_enable() fails and then calls\ndev_err_probe() with the uninitialized device.\n\nThis seems to only cause a panic with dev_err_probe(), dev_err(),\ndev_warn() and dev_info() don't seem to cause a panic, but are fixed\nas well.\n\nThe issue is reported and traced here: [1]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: common: st_sensors: Se corrige el uso de estructuras de dispositivo sin inicializar. En las diversas funciones de sondeo, se usa &indio_dev->dev antes de su inicializaci\u00f3n. Esto provocaba un p\u00e1nico del kernel en st_sensors_power_enable() cuando la llamada a devm_regulator_bulk_get_enable() falla y luego se llama a dev_err_probe() con el dispositivo sin inicializar. Esto parece causar un p\u00e1nico solo con dev_err_probe(); dev_err(), dev_warn() y dev_info() no parecen causarlo, pero tambi\u00e9n se han corregido. El problema se reporta y rastrea aqu\u00ed: [1]"}], "lastModified": "2025-08-18T20:16:28.750", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}