CVE-2024-57911

HIGH EPSS 11.7%
Published Jan 19, 20251y ago · Modified Jun 17, 20262w ago
7.1 CVSS 3.1
High
Find Similar
Published Jan 19, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
11.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-908

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥4.5  –  <5.4.290
linuxlinux_kernel*≥5.5  –  <5.10.234
linuxlinux_kernel*≥5.11  –  <5.15.177
linuxlinux_kernel*≥5.16  –  <6.1.125
linuxlinux_kernel*≥6.2  –  <6.6.72
linuxlinux_kernel*≥6.7  –  <6.12.10
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/006073761888a632c5d6f93e47c41760fa627f77
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/03fa47621bf8fcbf5994c5716021527853f9af3d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/333be433ee908a53f283beb95585dfc14c8ffb46
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/74058395b2c63c8a438cf199d09094b640f8c7f4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b0642d9c871aea1f28eb02cd84d60434df594f67
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e1c1e8c05010103c9c9ea3e9c4304b0b7e2c8e4a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ea703cda36da0dacb9a2fd876370003197d8a019
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/006073761888a632c5d6f93e47c41760fa627f77
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/03fa47621bf8fcbf5994c5716021527853f9af3d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/333be433ee908a53f283beb95585dfc14c8ffb46
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/74058395b2c63c8a438cf199d09094b640f8c7f4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b0642d9c871aea1f28eb02cd84d60434df594f67
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e1c1e8c05010103c9c9ea3e9c4304b0b7e2c8e4a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ea703cda36da0dacb9a2fd876370003197d8a019
    Patch