CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-57911: iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer

Description

In the Linux kernel, the following vulnerability has been resolved:

iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer

The 'data' array is allocated via kmalloc() and it is used to push data
to user space from a triggered buffer, but it does not set values for
inactive channels, as it only uses iio_for_each_active_channel()
to assign new values.

Use kzalloc for the memory allocation to avoid pushing uninitialized
information to userspace.

Classification

CVE ID: CVE-2024-57911

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.03% (scored less or equal to compared to others)

EPSS Date: 2025-02-17 (when was this score calculated)

References

https://git.kernel.org/stable/c/b0642d9c871aea1f28eb02cd84d60434df594f67
https://git.kernel.org/stable/c/74058395b2c63c8a438cf199d09094b640f8c7f4
https://git.kernel.org/stable/c/ea703cda36da0dacb9a2fd876370003197d8a019
https://git.kernel.org/stable/c/333be433ee908a53f283beb95585dfc14c8ffb46

Timeline

2025-01-20 00:30:23 UTC
CVE

iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer