CVE-2024-57906

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1c80a0985a9a14f33dbf63cd703ca010f094f878	Patch
https://git.kernel.org/stable/c/2a7377ccfd940cd6e9201756aff1e7852c266e69	Patch
https://git.kernel.org/stable/c/3bf8d1e87939b8a19c9b738564fddf5b73322f2f	Patch
https://git.kernel.org/stable/c/455df95eb8f24a37abc549d6738fc8ee07eb623b	Patch
https://git.kernel.org/stable/c/485570ed82b7a6bb109fa1d0a79998e21f7f4c73	Patch
https://git.kernel.org/stable/c/aae96738006840533cf147ffd5f41830987f21c5	Patch
https://git.kernel.org/stable/c/ebe2672bc42a0dfe31bb539f8ce79d024aa7e46d	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc6::::::

History

18 Feb 2025, 13:40

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.13:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::
CWE		CWE-908
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1
References	~~() https://git.kernel.org/stable/c/1c80a0985a9a14f33dbf63cd703ca010f094f878 -~~	() https://git.kernel.org/stable/c/1c80a0985a9a14f33dbf63cd703ca010f094f878 - Patch
References	~~() https://git.kernel.org/stable/c/2a7377ccfd940cd6e9201756aff1e7852c266e69 -~~	() https://git.kernel.org/stable/c/2a7377ccfd940cd6e9201756aff1e7852c266e69 - Patch
References	~~() https://git.kernel.org/stable/c/3bf8d1e87939b8a19c9b738564fddf5b73322f2f -~~	() https://git.kernel.org/stable/c/3bf8d1e87939b8a19c9b738564fddf5b73322f2f - Patch
References	~~() https://git.kernel.org/stable/c/455df95eb8f24a37abc549d6738fc8ee07eb623b -~~	() https://git.kernel.org/stable/c/455df95eb8f24a37abc549d6738fc8ee07eb623b - Patch
References	~~() https://git.kernel.org/stable/c/485570ed82b7a6bb109fa1d0a79998e21f7f4c73 -~~	() https://git.kernel.org/stable/c/485570ed82b7a6bb109fa1d0a79998e21f7f4c73 - Patch
References	~~() https://git.kernel.org/stable/c/aae96738006840533cf147ffd5f41830987f21c5 -~~	() https://git.kernel.org/stable/c/aae96738006840533cf147ffd5f41830987f21c5 - Patch
References	~~() https://git.kernel.org/stable/c/ebe2672bc42a0dfe31bb539f8ce79d024aa7e46d -~~	() https://git.kernel.org/stable/c/ebe2672bc42a0dfe31bb539f8ce79d024aa7e46d - Patch

02 Feb 2025, 11:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/1c80a0985a9a14f33dbf63cd703ca010f094f878 - () https://git.kernel.org/stable/c/3bf8d1e87939b8a19c9b738564fddf5b73322f2f -

23 Jan 2025, 17:15

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: adc: ti-ads8688: se corrige la fuga de información en el búfer activado La matriz local 'buffer' se utiliza para enviar datos al espacio de usuario desde un búfer activado, pero no establece valores para canales inactivos, ya que solo utiliza iio_for_each_active_channel() para asignar nuevos valores. Inicialice la matriz a cero antes de usarla para evitar enviar información no inicializada al espacio de usuario.
References		() https://git.kernel.org/stable/c/aae96738006840533cf147ffd5f41830987f21c5 -

19 Jan 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-19 12:15

Updated : 2025-02-18 13:40

NVD link : CVE-2024-57906

Mitre link : CVE-2024-57906

CVE.ORG link : CVE-2024-57906

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-908

Use of Uninitialized Resource

7.1 /10