CVE-2024-57910
iio: light: vcnl4035: fix information leak in triggered buffer
Public Exploits: 0
Exploited in Wild: -
Descriptions
In the Linux kernel, the following vulnerability has been resolved:

iio: light: vcnl4035: fix information leak in triggered buffer

The 'buffer' local array is used to push data to userspace from a
triggered buffer, but it does not set an initial value for the single
data element, which is an u16 aligned to 8 bytes. That leaves at least
4 bytes uninitialized even after writing an integer value with
regmap_read().

Initialize the array to zero before using it to avoid pushing
uninitialized information to userspace.
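The buffer layout described above, as an added userspace model (not the driver's code or the upstream patch). It counts how many bytes of the pushed scan still depend on earlier stack contents, with and without the zero-initialization. `fake_regmap_read`, `build_scan`, `leaked_bytes`, the 0xAA/0x55 fill bytes and the trailing 8-byte timestamp are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALIGN_UP(x, a) (((x) + (a) - 1) / (a) * (a))
/* One u16 sample padded to 8 bytes, followed by an assumed 8-byte timestamp. */
#define SCAN_BYTES (ALIGN_UP(sizeof(uint16_t), 8) + sizeof(int64_t))

/* Hypothetical stand-in for regmap_read(): it stores a whole unsigned int. */
static void fake_regmap_read(unsigned int *val) { *val = 0x1234; }

/* Build one scan; 'stale' models what the stack held before the handler ran. */
static void build_scan(uint8_t *out, uint8_t stale, int zero_first)
{
    uint8_t buffer[SCAN_BYTES];
    unsigned int val;
    int64_t ts = 1700000000000000000LL;      /* constructed timestamp */

    memset(buffer, stale, sizeof(buffer));   /* constructed stale stack bytes */
    if (zero_first)
        memset(buffer, 0, sizeof(buffer));   /* the fix: zero before use */
    fake_regmap_read(&val);
    memcpy(buffer, &val, sizeof(val));       /* integer write into the sample slot */
    memcpy(buffer + ALIGN_UP(sizeof(uint16_t), 8), &ts, sizeof(ts));
    memcpy(out, buffer, sizeof(buffer));     /* what userspace would receive */
}

/* Bytes that differ between two runs with different stale fills were never
 * written by the handler, so they would carry old stack data to userspace. */
size_t leaked_bytes(int zero_first)
{
    uint8_t a[SCAN_BYTES], b[SCAN_BYTES];
    size_t i, n = 0;

    build_scan(a, 0xAA, zero_first);
    build_scan(b, 0x55, zero_first);
    for (i = 0; i < SCAN_BYTES; i++)
        n += (a[i] != b[i]);
    return n;
}

int main(void)
{
    printf("stale bytes without init:  %zu\n", leaked_bytes(0));
    printf("stale bytes with zero init: %zu\n", leaked_bytes(1));
    return 0;
}
```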
Timeline
- 2025-01-19 CVE Reserved
- 2025-01-19 CVE Published
- 2025-01-20 CVE Updated
- 2025-01-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
References (9)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/ec90b52c07c0403a6db60d752484ec08d605ead0 | Vuln. Introduced | |
https://git.kernel.org/stable/c/da8ef748fec2d55db0ae424ab40eee0c737564aa | Vuln. Introduced | |
https://git.kernel.org/stable/c/49739675048d372946c1ef136c466d5675eba9f0 | Vuln. Introduced | |
https://git.kernel.org/stable/c/d69f0d132563a63688efb0afb4dfeaa74a217306 | Vuln. Introduced | |
https://git.kernel.org/stable/c/4637815d7922c4bce3bacb13dd1fb5e9a7d167d8 | Vuln. Introduced |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | >= 5.14 < 6.1.125 | en | Affected |
Linux | Linux Kernel | >= 5.14 < 6.6.72 | en | Affected |
Linux | Linux Kernel | >= 5.14 < 6.12.10 | en | Affected |
Linux | Linux Kernel | >= 5.14 < 6.13 | en | Affected |
Linux | Linux Kernel | 5.4.132 | en | Affected |
Linux | Linux Kernel | 5.10.50 | en | Affected |
Linux | Linux Kernel | 5.12.17 | en | Affected |
Linux | Linux Kernel | 5.13.2 | en | Affected |