CVE-2024-57911
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values.
Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 415f792447572ef1949a3cef5119bbce8cc66373 < 03fa47621bf8fcbf5994c5716021527853f9af3d | affected |
| Linux | Linux | 415f792447572ef1949a3cef5119bbce8cc66373 < e1c1e8c05010103c9c9ea3e9c4304b0b7e2c8e4a | affected |
| Linux | Linux | 415f792447572ef1949a3cef5119bbce8cc66373 < 006073761888a632c5d6f93e47c41760fa627f77 | affected |
| Linux | Linux | 415f792447572ef1949a3cef5119bbce8cc66373 < b0642d9c871aea1f28eb02cd84d60434df594f67 | affected |
| Linux | Linux | 415f792447572ef1949a3cef5119bbce8cc66373 < 74058395b2c63c8a438cf199d09094b640f8c7f4 | affected |
| Linux | Linux | 415f792447572ef1949a3cef5119bbce8cc66373 < ea703cda36da0dacb9a2fd876370003197d8a019 | affected |
| Linux | Linux | 415f792447572ef1949a3cef5119bbce8cc66373 < 333be433ee908a53f283beb95585dfc14c8ffb46 | affected |
| Linux | Linux | 4.5 | affected |
| Linux | Linux | 0 < 4.5 | unaffected |
| Linux | Linux | 5.4.290 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.234 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.177 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.125 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.72 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.10 <= 6.12.* | unaffected |
| Linux | Linux | 6.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
References
- https://git.kernel.org/stable/c/03fa47621bf8fcbf5994c5716021527853f9af3d
- https://git.kernel.org/stable/c/e1c1e8c05010103c9c9ea3e9c4304b0b7e2c8e4a
- https://git.kernel.org/stable/c/006073761888a632c5d6f93e47c41760fa627f77
- https://git.kernel.org/stable/c/b0642d9c871aea1f28eb02cd84d60434df594f67
- https://git.kernel.org/stable/c/74058395b2c63c8a438cf199d09094b640f8c7f4
- https://git.kernel.org/stable/c/ea703cda36da0dacb9a2fd876370003197d8a019
- https://git.kernel.org/stable/c/333be433ee908a53f283beb95585dfc14c8ffb46
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.