CVE-2026-31764

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iio: imu: st_lsm6dsx: Set buffer sampling frequency for accelerometer only<br /> <br /> The st_lsm6dsx_hwfifo_odr_store() function, which is called when userspace<br /> writes the buffer sampling frequency sysfs attribute, calls<br /> st_lsm6dsx_check_odr(), which accesses the odr_table array at index<br /> `sensor-&gt;id`; since this array is only 2 entries long, an access for any<br /> sensor type other than accelerometer or gyroscope is an out-of-bounds<br /> access.<br /> <br /> The motivation for being able to set a buffer frequency different from the<br /> sensor sampling frequency is to support use cases that need accurate event<br /> detection (which requires a high sampling frequency) while retrieving<br /> sensor data at low frequency. Since all the supported event types are<br /> generated from acceleration data only, do not create the buffer sampling<br /> frequency attribute for sensor types other than the accelerometer.