AZL-56235

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56235.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-56235

Upstream

CVE-2024-57911

Published

2025-01-19T12:15:25Z

Modified

2026-04-01T05:19:44.937653Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

CVE-2024-57911 affecting package kernel for versions less than 5.15.180.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

iio: dummy: iiosimplydummy_buffer: fix information leak in triggered buffer

The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iioforeachactivechannel() to assign new values.

Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-57911

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.180.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56235.json"