CVE-2024-57906

Feb. 2, 2025, 11:15 a.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.

Product(s) Impacted

Product Versions
Linux kernel

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/1c80a0985a9a14f33dbf63cd703ca010f094f878
https://git.kernel.org/stable/c/2a7377ccfd940cd6e9201756aff1e7852c266e69
https://git.kernel.org/stable/c/3bf8d1e87939b8a19c9b738564fddf5b73322f2f
https://git.kernel.org/stable/c/455df95eb8f24a37abc549d6738fc8ee07eb623b
https://git.kernel.org/stable/c/485570ed82b7a6bb109fa1d0a79998e21f7f4c73
https://git.kernel.org/stable/c/aae96738006840533cf147ffd5f41830987f21c5
https://git.kernel.org/stable/c/ebe2672bc42a0dfe31bb539f8ce79d024aa7e46d

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-01-19
CVE-2024-57906

Timeline

Published: Jan. 19, 2025, 12:15 p.m.
Last Modified: Feb. 2, 2025, 11:15 a.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.