CVE-2024-57908

Summary

In the Linux kernel, the following vulnerability has been resolved:

iio: imu: kmx61: fix information leak in triggered buffer

The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values.

Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc3a23ecc0901f624b681bbfbc4829766c5aa3070 < 0871eb8d700b33dd7fa86c80630d62ddaef58c2caffected
LinuxLinuxc3a23ecc0901f624b681bbfbc4829766c5aa3070 < a386d9d2dc6635f2ec210b8199cfb3acf4d31305affected
LinuxLinuxc3a23ecc0901f624b681bbfbc4829766c5aa3070 < a07f698084412a3ef5e950fcac1d6b0f53289efdaffected
LinuxLinuxc3a23ecc0901f624b681bbfbc4829766c5aa3070 < 6985ba4467e4b15b809043fa7740d1fb23a1897baffected
LinuxLinuxc3a23ecc0901f624b681bbfbc4829766c5aa3070 < cde312e257b59ecaa0fad3af9ec7e2370bb24639affected
LinuxLinuxc3a23ecc0901f624b681bbfbc4829766c5aa3070 < 565814cbbaa674d2901428796801de49a611e59daffected
LinuxLinuxc3a23ecc0901f624b681bbfbc4829766c5aa3070 < 6ae053113f6a226a2303caa4936a4c37f3bfff7baffected
LinuxLinux4.0affected
LinuxLinux0 < 4.0unaffected
LinuxLinux5.4.290 <= 5.4.*unaffected
LinuxLinux5.10.234 <= 5.10.*unaffected
LinuxLinux5.15.177 <= 5.15.*unaffected
LinuxLinux6.1.125 <= 6.1.*unaffected
LinuxLinux6.6.72 <= 6.6.*unaffected
LinuxLinux6.12.10 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References