7.1

CVE-2024-57910

iio: light: vcnl4035: fix information leak in triggered buffer

In the Linux kernel, the following vulnerability has been resolved:

iio: light: vcnl4035: fix information leak in triggered buffer

The 'buffer' local array is used to push data to userspace from a
triggered buffer, but it does not set an initial value for the single
data element, which is an u16 aligned to 8 bytes. That leaves at least
4 bytes uninitialized even after writing an integer value with
regmap_read().

Initialize the array to zero before using it to avoid pushing
uninitialized information to userspace.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4.132 < 5.4.290
LinuxLinux Kernel Version >= 5.10.50 < 5.10.234
LinuxLinux Kernel Version >= 5.12.17 < 5.13
LinuxLinux Kernel Version >= 5.13.2 < 5.15.177
LinuxLinux Kernel Version >= 5.16 < 6.1.125
LinuxLinux Kernel Version >= 6.2 < 6.6.72
LinuxLinux Kernel Version >= 6.7 < 6.12.10
LinuxLinux Kernel Version6.13 Updaterc1
LinuxLinux Kernel Version6.13 Updaterc2
LinuxLinux Kernel Version6.13 Updaterc3
LinuxLinux Kernel Version6.13 Updaterc4
LinuxLinux Kernel Version6.13 Updaterc5
LinuxLinux Kernel Version6.13 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.115
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/13e56229fc81051a42731046e200493c4a7c28ff
Patch
https://git.kernel.org/stable/c/47b43e53c0a0edf5578d5d12f5fc71c019649279
Patch
https://git.kernel.org/stable/c/47d245be86492974db3aeb048609542167f56518
Patch
https://git.kernel.org/stable/c/a15ea87d4337479c9446b5d71616f4668337afed
Patch
https://git.kernel.org/stable/c/b0e9c11c762e4286732d80e66c08c2cb3157b06b
Patch
https://git.kernel.org/stable/c/cb488706cdec0d6d13f2895bcdf0c32b283a7cc7
Patch
https://git.kernel.org/stable/c/f6fb1c59776b4263634c472a5be8204c906ffc2c
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html