CVE-2024-57908

HIGH EPSS 11.7%
Published Jan 19, 20251y ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published Jan 19, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
11.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-908

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥4.0  –  <6.1.125
linuxlinux_kernel*≥6.2  –  <6.6.72
linuxlinux_kernel*≥6.7  –  <6.12.10
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/0871eb8d700b33dd7fa86c80630d62ddaef58c2c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/565814cbbaa674d2901428796801de49a611e59d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6985ba4467e4b15b809043fa7740d1fb23a1897b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6ae053113f6a226a2303caa4936a4c37f3bfff7b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a07f698084412a3ef5e950fcac1d6b0f53289efd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a386d9d2dc6635f2ec210b8199cfb3acf4d31305
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cde312e257b59ecaa0fad3af9ec7e2370bb24639
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0871eb8d700b33dd7fa86c80630d62ddaef58c2c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/565814cbbaa674d2901428796801de49a611e59d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6985ba4467e4b15b809043fa7740d1fb23a1897b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6ae053113f6a226a2303caa4936a4c37f3bfff7b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a07f698084412a3ef5e950fcac1d6b0f53289efd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a386d9d2dc6635f2ec210b8199cfb3acf4d31305
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cde312e257b59ecaa0fad3af9ec7e2370bb24639
    Patch