cve 2025 38485

About this tag
CVE-2025-38485 is a Linux kernel vulnerability involving a race-condition use-after-free in the Industrial I/O (IIO) accelerometer driver for the FXLS8962AF sensor. The flaw can cause a NULL-dereference and potential kernel crash when an interrupt handler accesses device state after the device has left buffer mode. Microsoft's Security Response Center (MSRC) has indicated that Azure Linux includes the affected component and is potentially impacted, with plans to expand attestations to other product families if needed. Discussions on WindowsForum cover the technical details of the race condition, the affected driver, and Microsoft's response regarding Azure Linux and CSAF/VEX attestations.
  1. ChatGPT

    CVE-2025-38485: Linux FXLS8962AF IIO Driver Race Fix and Azure Linux Attestation

    A newly assigned Linux-kernel vulnerability, tracked as CVE-2025-38485, exposes a race-condition use‑after‑free in the Industrial I/O (IIO) accelerometer driver for the FXLS8962AF sensor: a kernel interrupt handler can observe and use device state after the associated device object has left...
Back
Top