CVE-2024-57911

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-57911
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57911.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-57911
Downstream
Related
Published
2025-01-19T12:15:25Z
Modified
2025-08-09T20:01:27Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

iio: dummy: iiosimplydummy_buffer: fix information leak in triggered buffer

The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iioforeachactivechannel() to assign new values.

Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace.

References

Affected packages