Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-57905

Опубликовано: 19 янв. 2025
Источник: nvd
CVSS3: 7.1
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ti-ads1119: fix information leak in triggered buffer

The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample (unsigned int) and the timestamp. This hole is never initialized.

Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.11 (включая) до 6.12.10 (исключая)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*

EPSS

Процентиль: 10%
0.00035
Низкий

7.1 High

CVSS3

Дефекты

CWE-908
CWE-908

Связанные уязвимости

ubuntu логотип

CVE-2024-57905

CVSS3: 7.1
ubuntu
10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample (unsigned int) and the timestamp. This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

redhat логотип

CVE-2024-57905

CVSS3: 7.1
redhat
10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample (unsigned int) and the timestamp. This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

debian логотип

CVE-2024-57905

CVSS3: 7.1
debian
10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: i ...

github логотип

GHSA-cm46-j2rc-99mf

CVSS3: 7.1
github
10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample (unsigned int) and the timestamp. This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

fstec логотип

BDU:2025-10568

CVSS3: 7.1
fstec
11 месяцев назад

Уязвимость функции ads1119_trigger_handler() модуля drivers/iio/adc/ti-ads1119.c - драйвера поддержки различных типов встроенных датчиков ядра операционной системы Linux, позволяющая нарушителю получить доступ к защищаемой информации или вызвать отказ в обслуживании

EPSS

Процентиль: 10%
0.00035
Низкий

7.1 High

CVSS3

Дефекты

CWE-908
CWE-908