CVE-2024-57907

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-57907
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57907.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-57907
Published
2025-01-19T11:52:31.039Z
Modified
2025-11-28T02:33:50.665067Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
iio: adc: rockchip_saradc: fix information leak in triggered buffer
Details

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: rockchip_saradc: fix information leak in triggered buffer

The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values.

Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57907.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4e130dc7b41348b13684f0758c26cc6cf72a3449
Fixed
85a9c98a5e0f22d911b00077d751e34fff1401aa
Fixed
7a07fb80ea886e9134284a27d0155cca7649e293
Fixed
64b79afdca7b27a768c7d3716b7f4deb1d6b955c
Fixed
5a95fbbecec7a34bbad5dcc3156700b8711d53c4
Fixed
8193941bc4fe7247ff13233f328aea709f574554
Fixed
38724591364e1e3b278b4053f102b49ea06ee17c

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type        Introduced   Fixed
ECOSYSTEM   5.9.0        5.10.234
ECOSYSTEM   5.11.0       5.15.177
ECOSYSTEM   5.16.0       6.1.127
ECOSYSTEM   6.2.0        6.6.72
ECOSYSTEM   6.7.0        6.12.10