CVE-2025-39687

Vulnerability

The Linux kernel's IIO (Industrial I/O) subsystem driver for the AMS AS73211 light sensor (drivers/iio/light/as73211.c) contains a memory initialization flaw. When preparing data for the IIO buffer that is subsequently copied into a kfifo accessible to user space, the driver fails to zero the entire buffer structure. This leaves "holes" — uninitialized padding or reserved fields — containing stale kernel memory values [1].

Exploitation

An attacker does not need special privileges to trigger the leak; any process with access to the IIO device (e.g., via sysfs or devfs entries) can read from the buffer. The vulnerability is exposed when user space reads the captured sensor data through the IIO character device or via sysfs trigger buffers. No authentication is required beyond standard file-system permissions for the IIO device node [1].

Impact

A local user can read uninitialized kernel heap memory, potentially disclosing sensitive information such as cryptographic keys, passwords, or other kernel data. The CVE is rated High (CVSS 7.1), reflecting the confidentiality impact from the information leak [1].

Mitigation

The fix was committed to the Linux kernel stable branches. The patch ensures the buffer pointer is zeroed before each capture, eliminating any uninitialized gaps. Users should apply the latest stable kernel updates containing commit identifiers from the referenced content. The vulnerability affects all versions prior to the fix [1][2].