CVE-2024-57908

iio: imu: kmx61: fix information leak in triggered buffer

Description

In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.

Category

7.1
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0871eb8d700b33dd7fa86c80630d62ddaef58c2c patch
https://git.kernel.org/stable/c/a386d9d2dc6635f2ec210b8199cfb3acf4d31305 patch
https://git.kernel.org/stable/c/a07f698084412a3ef5e950fcac1d6b0f53289efd patch
https://git.kernel.org/stable/c/6985ba4467e4b15b809043fa7740d1fb23a1897b patch
https://git.kernel.org/stable/c/cde312e257b59ecaa0fad3af9ec7e2370bb24639 patch
https://git.kernel.org/stable/c/565814cbbaa674d2901428796801de49a611e59d patch
https://git.kernel.org/stable/c/6ae053113f6a226a2303caa4936a4c37f3bfff7b patch

Frequently Asked Questions

What is the severity of CVE-2024-57908?
CVE-2024-57908 has been scored as a high severity vulnerability.
How to fix CVE-2024-57908?
To fix CVE-2024-57908, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-57908 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-57908 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-57908?
CVE-2024-57908 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.