CVE-2025-38142
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (asus-ec-sensors) check sensor index in read_string()
Prevent a potential invalid memory access when the requested sensor
is not found.
find_ec_sensor_index() may return a negative value (e.g. -ENOENT),
but its result was used without checking, which could lead to
undefined behavior when passed to get_sensor_info().
Add a proper check to return -EINVAL if sensor_index is negative.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
[groeck: Return error code returned from find_ec_sensor_index]
hwmon: (asus-ec-sensors) check sensor index in read_string()
Prevent a potential invalid memory access when the requested sensor
is not found.
find_ec_sensor_index() may return a negative value (e.g. -ENOENT),
but its result was used without checking, which could lead to
undefined behavior when passed to get_sensor_info().
Add a proper check to return -EINVAL if sensor_index is negative.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
[groeck: Return error code returned from find_ec_sensor_index]
Vulnerability Details
Published Date
Last Modified
Source
NVD
Discussion (0)
Add Comment
No comments yet. Be the first!