CVE-2024-57905

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-57905
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57905.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-57905
Published
2025-01-19T11:52:29Z
Modified
2025-10-17T19:24:37.302341Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
iio: adc: ti-ads1119: fix information leak in triggered buffer
Details

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ti-ads1119: fix information leak in triggered buffer

The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample (unsigned int) and the timestamp. This hole is never initialized.

Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.
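
The leak described above, reproduced in user-space C as an added example (not the driver's code and not the upstream patch). The struct layout (a 64-bit, 8-byte-aligned timestamp), the `0xA5` stale-memory marker and the sample values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout modelled on the description: a 4-byte sample followed by
 * an 8-byte-aligned 64-bit timestamp. Not the driver's actual definition. */
struct scan {
    unsigned int sample;
    _Alignas(8) int64_t timestamp;
};

/* Byte view of the struct, standing in for the buffer pushed to user space. */
union scan_mem {
    struct scan s;
    unsigned char raw[sizeof(struct scan)];
};

#define HOLE_OFF (offsetof(struct scan, sample) + sizeof(unsigned int))
#define HOLE_LEN (offsetof(struct scan, timestamp) - HOLE_OFF)
#define STALE    0xA5  /* constructed marker for leftover stack contents */

/* Fill a scan the way a trigger handler would, then count how many bytes of
 * stale memory are still present in the hole that user space would read. */
static size_t leaked_bytes(int zero_first)
{
    union scan_mem m;
    size_t i, leaked = 0;

    memset(m.raw, STALE, sizeof(m.raw));   /* simulate earlier stack use */
    if (zero_first)
        memset(&m.s, 0, sizeof(m.s));      /* the fix: zero the whole struct */

    /* Member stores write only the members; the hole keeps what was there. */
    m.s.sample = 0x1234;
    m.s.timestamp = 1737287549;

    for (i = 0; i < HOLE_LEN; i++)
        leaked += (m.raw[HOLE_OFF + i] == STALE);
    return leaked;
}

int main(void)
{
    printf("hole: %zu bytes at offset %zu\n", (size_t)HOLE_LEN, (size_t)HOLE_OFF);
    printf("stale bytes without zeroing: %zu\n", leaked_bytes(0));
    printf("stale bytes with zeroing:    %zu\n", leaked_bytes(1));
    return 0;
}
```

Assigning every named member is not enough to clear the struct, because the padding between them has no name to assign to; only zeroing the whole object covers it.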

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a9306887eba41c5fe7232727a8147da3d3c4f83c
Fixed
2f1687cca911a2f294313c762e0646cd9e7be8cc
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a9306887eba41c5fe7232727a8147da3d3c4f83c
Fixed
75f339d3ecd38cb1ce05357d647189d4a7f7ed08

Affected versions

v6.*

v6.10
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13-rc1

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.11.0
Fixed
6.12.10