CVE-2025-37970 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Prevent st_lsm6dsx_read_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/159ca7f18129834b6f4c7eae67de48e96c752fc9
https://git.kernel.org/stable/c/3bb6c02d6fe8347ce1785016d135ff539c20043c
https://git.kernel.org/stable/c/6c4a5000618a8c44200d455c92e2f2a4db264717
https://git.kernel.org/stable/c/84e39f628a3a3333add99076e4d6c8b42b12d3a0
https://git.kernel.org/stable/c/a1cad8a3bca41dead9980615d35efc7bff1fd534
https://git.kernel.org/stable/c/da33c4167b9cc1266a97215114cb74679f881d0c
https://git.kernel.org/stable/c/f06a1a1954527cc4ed086d926c81ff236b2adde9
https://git.kernel.org/stable/c/f3cf233c946531a92fe651ff2bd15ebbe60630a7
https://lore.kernel.org/linux-cve-announce/2025052045-CVE-2025-37970-f6d0@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-37970
https://www.cve.org/CVERecord?id=CVE-2025-37970

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00061}`	epss `{'score': 0.00051}`

Wed, 04 Jun 2025 13:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/84e39f628a3a3333add99076e4d6c8b42b12d3a0 https://git.kernel.org/stable/c/f06a1a1954527cc4ed086d926c81ff236b2adde9

Wed, 21 May 2025 03:00:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025052045-CVE-2025-37970-f6d0@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-37970 https://www.cve.org/CVERecord?id=CVE-2025-37970
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Tue, 20 May 2025 17:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Prevent st_lsm6dsx_read_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty.
Title		iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
References		https://git.kernel.org/stable/c/159ca7f18129834b6f4c7eae67de48e96c752fc9 https://git.kernel.org/stable/c/3bb6c02d6fe8347ce1785016d135ff539c20043c https://git.kernel.org/stable/c/6c4a5000618a8c44200d455c92e2f2a4db264717 https://git.kernel.org/stable/c/a1cad8a3bca41dead9980615d35efc7bff1fd534 https://git.kernel.org/stable/c/da33c4167b9cc1266a97215114cb74679f881d0c https://git.kernel.org/stable/c/f3cf233c946531a92fe651ff2bd15ebbe60630a7

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-05-20T16:47:17.256Z

Updated: 2025-06-04T12:57:37.458Z

Reserved: 2025-04-16T04:51:23.975Z

Link: CVE-2025-37970

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-05-20T17:15:47.490

Modified: 2025-06-04T13:15:27.677

Link: CVE-2025-37970

Redhat

Severity : Moderate

Publid Date: 2025-05-20T00:00:00Z

Links: CVE-2025-37970 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object