Vulnerability Details : CVE-2024-57906
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: ti-ads8688: fix information leak in triggered buffer
The 'buffer' local array is used to push data to user space from a
triggered buffer, but it does not set values for inactive channels, as
it only uses iio_for_each_active_channel() to assign new values.
Initialize the array to zero before using it to avoid pushing
uninitialized information to userspace.
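
The pattern the description names, as an added example that is not the driver's code or part of the original advisory: a simplified userspace C model in which a pre-filled marker value stands in for leftover stack contents. The channel count, the packed layout, and the names `read_channel`, `fill_scan` and `leaked_slots` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHANNELS 8   /* assumed channel count for this model */
#define STALE 0xA5A5     /* constructed marker for leftover stack data */

/* Hypothetical stand-in for a per-channel ADC read. */
static uint16_t read_channel(int ch) { return (uint16_t)(0x100 + ch); }

/*
 * Model of the fill loop: only channels set in active_mask are written,
 * packed from index 0. `buf` arrives holding STALE values, which stands in
 * for an uninitialized stack array. With zero_first set, the array is
 * cleared before use, as the fix describes.
 */
static void fill_scan(uint16_t buf[MAX_CHANNELS], unsigned active_mask, int zero_first)
{
    int j = 0;
    if (zero_first)
        memset(buf, 0, MAX_CHANNELS * sizeof(buf[0]));
    for (int ch = 0; ch < MAX_CHANNELS; ch++)
        if (active_mask & (1u << ch))
            buf[j++] = read_channel(ch);
}

/* Count slots that still carry stale data when the whole array is pushed. */
static int leaked_slots(unsigned active_mask, int zero_first)
{
    uint16_t buf[MAX_CHANNELS];
    int leaked = 0;
    for (int i = 0; i < MAX_CHANNELS; i++)
        buf[i] = STALE;
    fill_scan(buf, active_mask, zero_first);
    for (int i = 0; i < MAX_CHANNELS; i++)
        leaked += (buf[i] == STALE);
    return leaked;
}

int main(void)
{
    unsigned mask = 0x05; /* channels 0 and 2 active (constructed input) */
    printf("without zeroing: %d stale slots\n", leaked_slots(mask, 0));
    printf("with zeroing:    %d stale slots\n", leaked_slots(mask, 1));
    return 0;
}
```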
Products affected by CVE-2024-57906
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-57906
- EPSS score: 0.02% (probability of exploitation activity in the next 30 days)
- Percentile: ~5% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2024-57906
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 1.8 | 5.2 | NIST | 2025-02-18 |
CWE ids for CVE-2024-57906
- The product uses or accesses a resource that has not been initialized. Assigned by: nvd@nist.gov (Primary)
References for CVE-2024-57906
- https://git.kernel.org/stable/c/2a7377ccfd940cd6e9201756aff1e7852c266e69
  iio: adc: ti-ads8688: fix information leak in triggered buffer - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/ebe2672bc42a0dfe31bb539f8ce79d024aa7e46d
  iio: adc: ti-ads8688: fix information leak in triggered buffer - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/455df95eb8f24a37abc549d6738fc8ee07eb623b
  iio: adc: ti-ads8688: fix information leak in triggered buffer - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/1c80a0985a9a14f33dbf63cd703ca010f094f878
  (Patch)
- https://git.kernel.org/stable/c/485570ed82b7a6bb109fa1d0a79998e21f7f4c73
  iio: adc: ti-ads8688: fix information leak in triggered buffer - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/3bf8d1e87939b8a19c9b738564fddf5b73322f2f
  iio: adc: ti-ads8688: fix information leak in triggered buffer - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/aae96738006840533cf147ffd5f41830987f21c5
  (Patch)