CVE-2024-57910

Summary

In the Linux kernel, the following vulnerability has been resolved:

iio: light: vcnl4035: fix information leak in triggered buffer

The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read().

Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxda8ef748fec2d55db0ae424ab40eee0c737564aa < 13e56229fc81051a42731046e200493c4a7c28ffaffected
LinuxLinux49739675048d372946c1ef136c466d5675eba9f0 < b0e9c11c762e4286732d80e66c08c2cb3157b06baffected
LinuxLinuxec90b52c07c0403a6db60d752484ec08d605ead0 < cb488706cdec0d6d13f2895bcdf0c32b283a7cc7affected
LinuxLinuxec90b52c07c0403a6db60d752484ec08d605ead0 < 47d245be86492974db3aeb048609542167f56518affected
LinuxLinuxec90b52c07c0403a6db60d752484ec08d605ead0 < a15ea87d4337479c9446b5d71616f4668337afedaffected
LinuxLinuxec90b52c07c0403a6db60d752484ec08d605ead0 < f6fb1c59776b4263634c472a5be8204c906ffc2caffected
LinuxLinuxec90b52c07c0403a6db60d752484ec08d605ead0 < 47b43e53c0a0edf5578d5d12f5fc71c019649279affected
LinuxLinuxd69f0d132563a63688efb0afb4dfeaa74a217306affected
LinuxLinux4637815d7922c4bce3bacb13dd1fb5e9a7d167d8affected
LinuxLinux5.4.132 < 5.4.290affected
LinuxLinux5.10.50 < 5.10.234affected
LinuxLinux5.12.17 < 5.13affected
LinuxLinux5.13.2 < 5.14affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.4.290 <= 5.4.*unaffected
LinuxLinux5.10.234 <= 5.10.*unaffected
LinuxLinux5.15.177 <= 5.15.*unaffected
LinuxLinux6.1.125 <= 6.1.*unaffected
LinuxLinux6.6.72 <= 6.6.*unaffected
LinuxLinux6.12.10 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References