CVE-2024-57905

EPSS 0.04%
Published 19.01.2025 12:15:24
Last modified 01.10.2025 20:18:01
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ti-ads1119: fix information leak in triggered buffer

The 'scan' local struct is used to push data to user space from a
triggered buffer, but it has a hole between the sample (unsigned int)
and the timestamp. This hole is never initialized.

Initialize the struct to zero before using it to avoid pushing
uninitialized information to userspace.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.11 < 6.12.10

Linux ≫ Linux Kernel Version6.13 Updaterc1

Linux ≫ Linux Kernel Version6.13 Updaterc2

Linux ≫ Linux Kernel Version6.13 Updaterc3

Linux ≫ Linux Kernel Version6.13 Updaterc4

Linux ≫ Linux Kernel Version6.13 Updaterc5

Linux ≫ Linux Kernel Version6.13 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.108

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/2f1687cca911a2f294313c762e0646cd9e7be8cc

Patch

https://git.kernel.org/stable/c/75f339d3ecd38cb1ce05357d647189d4a7f7ed08

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-57905

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-57905

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-57905

EUVD