VDB

CISA-2024-57912

CISA-2024-57912 PUBLISHED CVSS 7.1 HIGH

Reported by Linux · Published January 19, 2025

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp (u32 pressure, u16 temperature, GAP, u64 timestamp). This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

Risk Scores

CVSS 3.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products

VendorProductVersions
LinuxLinux03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1, 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1, 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1
LinuxLinux4.9, 0, 5.4.290
LinuxLinux6.6.72, 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1, 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1
linuxlinux_kernel4.9, 4.9, 4.9

Timeline

  • Jan 19, 2025 CVE Published
  • Nov 3, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›