216.73.217.22

CVE-2024-57910

· Published 19/01/2025 12:15 · Modified 03/02/2025 14:48

Labels: CVE-2024-57910 2025-01-19416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2024-57910CWE-908

Essential information

Published
19/01/2025 12:15
Modified
03/02/2025 14:48
Author
Creator
CVSS
7.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVSS metrics

Description

In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read(). Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD
View on NVD

Affected products (CPE)

ProductCPE
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*

References