CVE-2025-71198

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The st lsm6dsx acc channels array within the Linux kernel's IIO subsystem contains a non-NULL event spec field, incorrectly indicating support for IIO events on sensors that lack this capability. When userspace attempts to configure accelerometer wakeup events on a sensor without event detection support, such as the LSM6DS0, the st lsm6dsx write event() function attempts to write to a wakeup register, resulting in a NULL pointer dereference. The issue is addressed by defining a separate iio chan spec array with NULL event spec fields for sensors lacking event detection, and utilizing this array instead of st lsm6dsx acc channels for those sensors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-71198

ECHO-4FA3-D9C5-A303

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20667-1

SUSE-SU-2026:20720-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21284-1

USN-8278-1

USN-8289-1

USN-8296-1

Affected Products

Lsm6Ds0

Linux Kernel

Ubuntu

CVE-2025-71198

Related Identifiers

Affected Products

References · 1773