VDB
CISA-2024-57907
CISA-2024-57907
PUBLISHED
CVSS 7.1 HIGH
Reported by Linux · Published January 19, 2025
In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchip_saradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.
Risk Scores
CVSS 3.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 4e130dc7b41348b13684f0758c26cc6cf72a3449, 4e130dc7b41348b13684f0758c26cc6cf72a3449, 4e130dc7b41348b13684f0758c26cc6cf72a3449 |
| Linux | Linux | 5.9, 0, 5.10.234 |
| linux | linux_kernel | 5.9, 5.9, 5.9 |
| Linux | Linux | 4e130dc7b41348b13684f0758c26cc6cf72a3449, 4e130dc7b41348b13684f0758c26cc6cf72a3449, 4e130dc7b41348b13684f0758c26cc6cf72a3449 |
Timeline
- Jan 19, 2025 CVE Published
- Nov 3, 2025 CVE Updated