7.1

CVE-2024-57908

iio: imu: kmx61: fix information leak in triggered buffer

In the Linux kernel, the following vulnerability has been resolved:

iio: imu: kmx61: fix information leak in triggered buffer

The 'buffer' local array is used to push data to user space from a
triggered buffer, but it does not set values for inactive channels, as
it only uses iio_for_each_active_channel() to assign new values.

Initialize the array to zero before using it to avoid pushing
uninitialized information to userspace.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.0 < 6.1.125
LinuxLinux Kernel Version >= 6.2 < 6.6.72
LinuxLinux Kernel Version >= 6.7 < 6.12.10
LinuxLinux Kernel Version6.13 Updaterc1
LinuxLinux Kernel Version6.13 Updaterc2
LinuxLinux Kernel Version6.13 Updaterc3
LinuxLinux Kernel Version6.13 Updaterc4
LinuxLinux Kernel Version6.13 Updaterc5
LinuxLinux Kernel Version6.13 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.115
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/0871eb8d700b33dd7fa86c80630d62ddaef58c2c
Patch
https://git.kernel.org/stable/c/565814cbbaa674d2901428796801de49a611e59d
Patch
https://git.kernel.org/stable/c/6985ba4467e4b15b809043fa7740d1fb23a1897b
Patch
https://git.kernel.org/stable/c/6ae053113f6a226a2303caa4936a4c37f3bfff7b
Patch
https://git.kernel.org/stable/c/a07f698084412a3ef5e950fcac1d6b0f53289efd
Patch
https://git.kernel.org/stable/c/a386d9d2dc6635f2ec210b8199cfb3acf4d31305
Patch
https://git.kernel.org/stable/c/cde312e257b59ecaa0fad3af9ec7e2370bb24639
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html