CVE-2024-57910

Severity: High · CVSS 3.1: 7.1 · EPSS 11.6%
Published Jan 19, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved:

iio: light: vcnl4035: fix information leak in triggered buffer

The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read().

Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.
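The layout problem described above, as an added userspace example (not the kernel driver's code or the upstream patch). `SLOT_SIZE`, `STALE`, `fake_regmap_read()`, `build_slot()` and `stale_bytes()` are hypothetical names, and a 4-byte `int` is assumed; because reading indeterminate memory is undefined in C, stale stack contents are modeled with a constructed fill byte.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One u16 sample padded to the 8-byte alignment the description mentions. */
#define SLOT_SIZE 8u
#define STALE 0xA5u  /* constructed stand-in for leftover stack contents */

/* Hypothetical stand-in for regmap_read(): stores the register value as an int. */
static void fake_regmap_read(int *val) { *val = 0x1234; }

/* Build the slot that would be pushed to userspace. */
static void build_slot(uint8_t out[SLOT_SIZE], int zero_first)
{
    uint8_t buffer[SLOT_SIZE];
    int val;

    memset(buffer, STALE, sizeof(buffer));   /* model: stale stack bytes */
    if (zero_first)
        memset(buffer, 0, sizeof(buffer));   /* the fix: zero before use */

    fake_regmap_read(&val);
    memcpy(buffer, &val, sizeof(val));       /* integer write covers sizeof(int) bytes only */

    memcpy(out, buffer, SLOT_SIZE);          /* the whole slot is pushed, padding included */
}

/* Count bytes past the integer write that still hold stale data. */
static int stale_bytes(int zero_first)
{
    uint8_t slot[SLOT_SIZE];
    int n = 0;

    build_slot(slot, zero_first);
    for (size_t i = sizeof(int); i < SLOT_SIZE; i++)
        n += (slot[i] == STALE);
    return n;
}

int main(void)
{
    printf("without zeroing: %d stale bytes pushed\n", stale_bytes(0));
    printf("with zeroing:    %d stale bytes pushed\n", stale_bytes(1));
    return 0;
}
```
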

CVSS Details

Base Score: 7.1
Exploitability: 1.8
Impact: 5.2
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 11.6% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-908

Affected Products 13

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.4.132 – <5.4.290
linux   linux_kernel  *        ≥5.10.50 – <5.10.234
linux   linux_kernel  *        ≥5.12.17 – <5.13
linux   linux_kernel  *        ≥5.13.2 – <5.15.177
linux   linux_kernel  *        ≥5.16 – <6.1.125
linux   linux_kernel  *        ≥6.2 – <6.6.72
linux   linux_kernel  *        ≥6.7 – <6.12.10
linux   linux_kernel  6.13     any
linux   linux_kernel  6.13     any
linux   linux_kernel  6.13     any
linux   linux_kernel  6.13     any
linux   linux_kernel  6.13     any
linux   linux_kernel  6.13     any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/13e56229fc81051a42731046e200493c4a7c28ff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47b43e53c0a0edf5578d5d12f5fc71c019649279
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47d245be86492974db3aeb048609542167f56518
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a15ea87d4337479c9446b5d71616f4668337afed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b0e9c11c762e4286732d80e66c08c2cb3157b06b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cb488706cdec0d6d13f2895bcdf0c32b283a7cc7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6fb1c59776b4263634c472a5be8204c906ffc2c
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/13e56229fc81051a42731046e200493c4a7c28ff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47b43e53c0a0edf5578d5d12f5fc71c019649279
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47d245be86492974db3aeb048609542167f56518
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a15ea87d4337479c9446b5d71616f4668337afed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b0e9c11c762e4286732d80e66c08c2cb3157b06b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cb488706cdec0d6d13f2895bcdf0c32b283a7cc7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6fb1c59776b4263634c472a5be8204c906ffc2c
    Patch