CVE-2024-57911
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-57911
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57911.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-57911
- Downstream
- Related
- Published
- 2025-01-19T12:15:25Z
- Modified
- 2025-08-09T20:01:27Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iio: dummy: iiosimplydummy_buffer: fix information leak in triggered buffer
The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iioforeachactivechannel() to assign new values.
Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace.
- References
-
- https://git.kernel.org/stable/c/006073761888a632c5d6f93e47c41760fa627f77
- https://git.kernel.org/stable/c/03fa47621bf8fcbf5994c5716021527853f9af3d
- https://git.kernel.org/stable/c/333be433ee908a53f283beb95585dfc14c8ffb46
- https://git.kernel.org/stable/c/74058395b2c63c8a438cf199d09094b640f8c7f4
- https://git.kernel.org/stable/c/b0642d9c871aea1f28eb02cd84d60434df594f67
- https://git.kernel.org/stable/c/e1c1e8c05010103c9c9ea3e9c4304b0b7e2c8e4a
- https://git.kernel.org/stable/c/ea703cda36da0dacb9a2fd876370003197d8a019