CVE-2024-57907

HIGH EPSS 11.2%
Published Jan 19, 20251y ago · Modified Jun 17, 20262w ago
7.1 CVSS 3.1
High
Find Similar
Published Jan 19, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchip_saradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
11.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-908

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥5.9  –  <6.6.72
linuxlinux_kernel*≥6.7  –  <6.12.10
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/38724591364e1e3b278b4053f102b49ea06ee17c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5a95fbbecec7a34bbad5dcc3156700b8711d53c4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/64b79afdca7b27a768c7d3716b7f4deb1d6b955c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7a07fb80ea886e9134284a27d0155cca7649e293
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8193941bc4fe7247ff13233f328aea709f574554
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/85a9c98a5e0f22d911b00077d751e34fff1401aa
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/38724591364e1e3b278b4053f102b49ea06ee17c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5a95fbbecec7a34bbad5dcc3156700b8711d53c4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/64b79afdca7b27a768c7d3716b7f4deb1d6b955c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7a07fb80ea886e9134284a27d0155cca7649e293
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8193941bc4fe7247ff13233f328aea709f574554
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/85a9c98a5e0f22d911b00077d751e34fff1401aa
    Patch