7.1

CVE-2024-57906

iio: adc: ti-ads8688: fix information leak in triggered buffer

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ti-ads8688: fix information leak in triggered buffer

The 'buffer' local array is used to push data to user space from a
triggered buffer, but it does not set values for inactive channels, as
it only uses iio_for_each_active_channel() to assign new values.

Initialize the array to zero before using it to avoid pushing
uninitialized information to userspace.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.198 < 4.20
LinuxLinux Kernel Version >= 5.4.132 < 5.5
LinuxLinux Kernel Version >= 5.10.50 < 5.11
LinuxLinux Kernel Version >= 5.12.17 < 5.13
LinuxLinux Kernel Version >= 5.13.2 < 6.1.125
LinuxLinux Kernel Version >= 6.2 < 6.6.72
LinuxLinux Kernel Version >= 6.7 < 6.12.10
LinuxLinux Kernel Version6.13 Updaterc1
LinuxLinux Kernel Version6.13 Updaterc2
LinuxLinux Kernel Version6.13 Updaterc3
LinuxLinux Kernel Version6.13 Updaterc4
LinuxLinux Kernel Version6.13 Updaterc5
LinuxLinux Kernel Version6.13 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.115
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/1c80a0985a9a14f33dbf63cd703ca010f094f878
Patch
https://git.kernel.org/stable/c/2a7377ccfd940cd6e9201756aff1e7852c266e69
Patch
https://git.kernel.org/stable/c/3bf8d1e87939b8a19c9b738564fddf5b73322f2f
Patch
https://git.kernel.org/stable/c/455df95eb8f24a37abc549d6738fc8ee07eb623b
Patch
https://git.kernel.org/stable/c/485570ed82b7a6bb109fa1d0a79998e21f7f4c73
Patch
https://git.kernel.org/stable/c/aae96738006840533cf147ffd5f41830987f21c5
Patch
https://git.kernel.org/stable/c/ebe2672bc42a0dfe31bb539f8ce79d024aa7e46d
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html