Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-57911

UNKNOWN
Published 2025-01-19T11:52:33.806Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-57911. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer

The 'data' array is allocated via kmalloc() and it is used to push data
to user space from a triggered buffer, but it does not set values for
inactive channels, as it only uses iio_for_each_active_channel()
to assign new values.

Use kzalloc for the memory allocation to avoid pushing uninitialized
information to userspace.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Linux

Affected Versions:

415f792447572ef1949a3cef5119bbce8cc66373 415f792447572ef1949a3cef5119bbce8cc66373 415f792447572ef1949a3cef5119bbce8cc66373 415f792447572ef1949a3cef5119bbce8cc66373 415f792447572ef1949a3cef5119bbce8cc66373 415f792447572ef1949a3cef5119bbce8cc66373 415f792447572ef1949a3cef5119bbce8cc66373
Linux

Linux

Affected Versions:

4.5 0 5.4.290 5.10.234 5.15.177 6.1.125 6.6.72 6.12.10 6.13

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-2w6v-cv9c-qwv2

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-57911
WEB https://git.kernel.org/stable/c/006073761888a632c5d6f93e47c41760fa627f77
WEB https://git.kernel.org/stable/c/03fa47621bf8fcbf5994c5716021527853f9af3d
WEB https://git.kernel.org/stable/c/333be433ee908a53f283beb95585dfc14c8ffb46
WEB https://git.kernel.org/stable/c/74058395b2c63c8a438cf199d09094b640f8c7f4
WEB https://git.kernel.org/stable/c/b0642d9c871aea1f28eb02cd84d60434df594f67
WEB https://git.kernel.org/stable/c/e1c1e8c05010103c9c9ea3e9c4304b0b7e2c8e4a
WEB https://git.kernel.org/stable/c/ea703cda36da0dacb9a2fd876370003197d8a019

Advisory provided by GitHub Security Advisory Database. Published: January 19, 2025, Modified: February 3, 2025

References

https://git.kernel.org/stable/c/03fa47621bf8fcbf5994c5716021527853f9af3d
https://git.kernel.org/stable/c/e1c1e8c05010103c9c9ea3e9c4304b0b7e2c8e4a
https://git.kernel.org/stable/c/006073761888a632c5d6f93e47c41760fa627f77
https://git.kernel.org/stable/c/b0642d9c871aea1f28eb02cd84d60434df594f67
https://git.kernel.org/stable/c/74058395b2c63c8a438cf199d09094b640f8c7f4
https://git.kernel.org/stable/c/ea703cda36da0dacb9a2fd876370003197d8a019
https://git.kernel.org/stable/c/333be433ee908a53f283beb95585dfc14c8ffb46
Published: 2025-01-19T11:52:33.806Z
Last Modified: 2025-05-04T10:06:28.893Z
Copied to clipboard!