7.1

CVE-2024-57911

iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer

In the Linux kernel, the following vulnerability has been resolved:

iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer

The 'data' array is allocated via kmalloc() and it is used to push data
to user space from a triggered buffer, but it does not set values for
inactive channels, as it only uses iio_for_each_active_channel()
to assign new values.

Use kzalloc for the memory allocation to avoid pushing uninitialized
information to userspace.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.5 < 5.4.290
LinuxLinux Kernel Version >= 5.5 < 5.10.234
LinuxLinux Kernel Version >= 5.11 < 5.15.177
LinuxLinux Kernel Version >= 5.16 < 6.1.125
LinuxLinux Kernel Version >= 6.2 < 6.6.72
LinuxLinux Kernel Version >= 6.7 < 6.12.10
LinuxLinux Kernel Version6.13 Updaterc1
LinuxLinux Kernel Version6.13 Updaterc2
LinuxLinux Kernel Version6.13 Updaterc3
LinuxLinux Kernel Version6.13 Updaterc4
LinuxLinux Kernel Version6.13 Updaterc5
LinuxLinux Kernel Version6.13 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.115
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/006073761888a632c5d6f93e47c41760fa627f77
Patch
https://git.kernel.org/stable/c/03fa47621bf8fcbf5994c5716021527853f9af3d
Patch
https://git.kernel.org/stable/c/333be433ee908a53f283beb95585dfc14c8ffb46
Patch
https://git.kernel.org/stable/c/74058395b2c63c8a438cf199d09094b640f8c7f4
Patch
https://git.kernel.org/stable/c/b0642d9c871aea1f28eb02cd84d60434df594f67
Patch
https://git.kernel.org/stable/c/e1c1e8c05010103c9c9ea3e9c4304b0b7e2c8e4a
Patch
https://git.kernel.org/stable/c/ea703cda36da0dacb9a2fd876370003197d8a019
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html