CVE-2025-38531 - Vulnerability Details

- iio: common: st_sensors: Fix use of uninitialize device structs

Description

In the Linux kernel, the following vulnerability has been resolved:

iio: common: st_sensors: Fix use of uninitialize device structs

Throughout the various probe functions &indio_dev->dev is used before it
is initialized. This caused a kernel panic in st_sensors_power_enable()
when the call to devm_regulator_bulk_get_enable() fails and then calls
dev_err_probe() with the uninitialized device.

This seems to only cause a panic with dev_err_probe(), dev_err(),
dev_warn() and dev_info() don't seem to cause a panic, but are fixed
as well.

The issue is reported and traced here: [1]

Published: 2025-08-16

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the st_sensors driver within the Linux kernel. During probe initialization, the code references the device structure before it has been fully initialized. This results in an uninitialized access that triggers a kernel panic when processor reaches the dev_err_probe error handling path. The failure does not lead to data disclosure or integrity compromise; the principal impact is the loss of system availability due to a crash.

Affected Systems

The affected kernel releases are the 6.16 release‑candidate series (rc1 through rc6). Systems booting any of those kernel versions and loading the st_sensors driver are susceptible. No earlier stable releases are listed as affected.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity, and the EPSS score of less than 1% suggests a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector likely requires local or privileged access to force the driver into a failure state, such as a device that triggers regulator bulk get enable failures. No remote exploitation or direct data exfiltration is provided by this flaw; the threat is primarily disruption through a kernel crash.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`4dff754876959b3f3b354800089bc8aaa3ec1d95`	affected	< f9d4b618f1b9e6d760cc7c15052b92f7faf47201
`4dff754876959b3f3b354800089bc8aaa3ec1d95`	affected	< 610615c9668037e3eca11132063b93b2d945af13
`4dff754876959b3f3b354800089bc8aaa3ec1d95`	affected	< 3297a9016a45144883ec990bd4bd5b1d79cafb46
`4dff754876959b3f3b354800089bc8aaa3ec1d95`	affected	< 9f92e93e257b33e73622640a9205f8642ec16ddd

Linux

affected

Version	Status	Constraints
`5.16`	affected	—
`0`	unaffected	< 5.16
`6.6.136`	unaffected	≤ 6.6.*
`6.12.40`	unaffected	≤ 6.12.*
`6.15.8`	unaffected	≤ 6.15.*
`6.16`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc6::::::

No data.

Vendor	Product	Confidence	Versions
Linux	Linux Kernel	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a patched version that includes the st_sensors fix, once available for the 6.16 release candidate series.
If a kernel upgrade cannot be applied immediately, unload or disable the st_sensors module to prevent the vulnerable probe from executing.
Monitor dmesg logs for dev_err_probe messages and verify that connected devices do not repeatedly trigger regulator bulk get enable failures, reducing the risk of future crashes.

Generated by OpenCVE AI on May 2, 2026 at 08:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-27886	In the Linux kernel, the following vulnerability has been resolved: iio: common: st_sensors: Fix use of uninitialize device structs Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a kernel panic in st_sensors_power_enable() when the call to devm_regulator_bulk_get_enable() fails and then calls dev_err_probe() with the uninitialized device. This seems to only cause a panic with dev_err_probe(), dev_err(), dev_warn() and dev_info() don't seem to cause a panic, but are fixed as well. The issue is reported and traced here: [1]
Ubuntu USN	USN-7879-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7879-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7880-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-7879-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7879-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7934-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8028-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8028-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8031-1	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-8028-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8028-4	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8028-5	Linux kernel vulnerabilities
Ubuntu USN	USN-8031-2	Linux kernel (GCP FIPS) vulnerabilities
Ubuntu USN	USN-8028-6	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-8031-3	Linux kernel vulnerabilities
Ubuntu USN	USN-8052-1	Linux kernel (Low Latency) vulnerabilities
Ubuntu USN	USN-8028-7	Linux kernel (Low Latency NVIDIA) vulnerabilities
Ubuntu USN	USN-8028-8	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-8052-2	Linux kernel (Xilinx) vulnerabilities
Ubuntu USN	USN-8074-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8074-2	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8126-1	Linux kernel (Azure) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00019.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/3297a9016a45144883ec990bd4bd5b1d79cafb46
https://git.kernel.org/stable/c/610615c9668037e3eca11132063b93b2d945af13
https://git.kernel.org/stable/c/9f92e93e257b33e73622640a9205f8642ec16ddd
https://git.kernel.org/stable/c/f9d4b618f1b9e6d760cc7c15052b92f7faf47201
https://lore.kernel.org/linux-cve-announce/2025081655-CVE-2025-38531-abbc@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38531
https://www.cve.org/CVERecord?id=CVE-2025-38531

History

Mon, 27 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/f9d4b618f1b9e6d760cc7c15052b92f7faf47201

Tue, 18 Nov 2025 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-908
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.16:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc6::::::

Tue, 19 Aug 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025081655-CVE-2025-38531-abbc@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38531 https://www.cve.org/CVERecord?id=CVE-2025-38531
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Mon, 18 Aug 2025 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Sat, 16 Aug 2025 11:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: iio: common: st_sensors: Fix use of uninitialize device structs Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a kernel panic in st_sensors_power_enable() when the call to devm_regulator_bulk_get_enable() fails and then calls dev_err_probe() with the uninitialized device. This seems to only cause a panic with dev_err_probe(), dev_err(), dev_warn() and dev_info() don't seem to cause a panic, but are fixed as well. The issue is reported and traced here: [1]
Title		iio: common: st_sensors: Fix use of uninitialize device structs
References		https://git.kernel.org/stable/c/3297a9016a45144883ec990bd4bd5b1d79cafb46 https://git.kernel.org/stable/c/610615c9668037e3eca11132063b93b2d945af13 https://git.kernel.org/stable/c/9f92e93e257b33e73622640a9205f8642ec16ddd

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-08-16T11:12:24.405Z

Updated: 2026-05-11T21:29:49.607Z

Reserved: 2025-04-16T04:51:24.023Z

Link: CVE-2025-38531

Vulnrichment

No data.

NVD

Status : Modified

Published: 2025-08-16T12:15:28.693

Modified: 2026-04-27T14:16:25.817

Link: CVE-2025-38531

Redhat

Severity : Moderate

Publid Date: 2025-08-16T00:00:00Z

Links: CVE-2025-38531 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-02T08:30:26Z

Weaknesses

CWE-908

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object