CVE-2024-57911
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-57911
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57911.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-57911
- Downstream
- Related
- Published
- 2025-01-19T11:52:33.806Z
- Modified
- 2025-11-28T02:34:36.595971Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iio: dummy: iiosimplydummy_buffer: fix information leak in triggered buffer
The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iioforeachactivechannel() to assign new values.
Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57911.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/006073761888a632c5d6f93e47c41760fa627f77
- https://git.kernel.org/stable/c/03fa47621bf8fcbf5994c5716021527853f9af3d
- https://git.kernel.org/stable/c/333be433ee908a53f283beb95585dfc14c8ffb46
- https://git.kernel.org/stable/c/74058395b2c63c8a438cf199d09094b640f8c7f4
- https://git.kernel.org/stable/c/b0642d9c871aea1f28eb02cd84d60434df594f67
- https://git.kernel.org/stable/c/e1c1e8c05010103c9c9ea3e9c4304b0b7e2c8e4a
- https://git.kernel.org/stable/c/ea703cda36da0dacb9a2fd876370003197d8a019
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57911.json
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-57911
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced415f792447572ef1949a3cef5119bbce8cc66373Fixed03fa47621bf8fcbf5994c5716021527853f9af3dFixede1c1e8c05010103c9c9ea3e9c4304b0b7e2c8e4aFixed006073761888a632c5d6f93e47c41760fa627f77Fixedb0642d9c871aea1f28eb02cd84d60434df594f67Fixed74058395b2c63c8a438cf199d09094b640f8c7f4Fixedea703cda36da0dacb9a2fd876370003197d8a019Fixed333be433ee908a53f283beb95585dfc14c8ffb46
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.5.0Fixed5.4.290
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.234
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.177
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.125
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.72
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.10