CVE-2024-57911

HIGH

Linux Kernel - Information Disclosure via Uninitialized Memory in IIO Dummy Driver

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace.

References (9)

Core 9

Scores

CVSS v3 7.1
EPSS 0.0021
EPSS Percentile 10.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-908
Status published
Products (24)
linux/Kernel 4.5.0 - 5.4.290linux
linux/Kernel 5.11.0 - 5.15.177linux
linux/Kernel 5.16.0 - 6.1.125linux
linux/Kernel 5.5.0 - 5.10.234linux
linux/Kernel 6.2.0 - 6.6.72linux
linux/Kernel 6.7.0 - 6.12.10linux
Linux/Linux < 4.5
Linux/Linux 4.5
Linux/Linux 415f792447572ef1949a3cef5119bbce8cc66373 - 006073761888a632c5d6f93e47c41760fa627f77
Linux/Linux 415f792447572ef1949a3cef5119bbce8cc66373 - 03fa47621bf8fcbf5994c5716021527853f9af3d
... and 14 more
Published Jan 19, 2025
Tracked Since Feb 18, 2026