Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-57909

Опубликовано: 19 янв. 2025
Источник: nvd
CVSS3: 7.1
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

iio: light: bh1745: fix information leak in triggered buffer

The 'scan' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values.

Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.12 (включая) до 6.12.10 (исключая)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*

EPSS

Процентиль: 10%
0.00035
Низкий

7.1 High

CVSS3

Дефекты

CWE-908
CWE-908

Связанные уязвимости

ubuntu логотип

CVE-2024-57909

CVSS3: 7.1
ubuntu
10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1745: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

redhat логотип

CVE-2024-57909

CVSS3: 7.1
redhat
10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1745: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

debian логотип

CVE-2024-57909

CVSS3: 7.1
debian
10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: i ...

github логотип

GHSA-52cr-8q5h-6fpf

CVSS3: 7.1
github
10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1745: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

fstec логотип

BDU:2025-10567

CVSS3: 7.1
fstec
11 месяцев назад

Уязвимость функции bh1745_trigger_handler() модуля drivers/iio/light/bh1745.c - драйвера поддержки фото-датчиков ядра операционной системы Linux, позволяющая нарушителю получить доступ к защищаемой информации или вызвать отказ в обслуживании

EPSS

Процентиль: 10%
0.00035
Низкий

7.1 High

CVSS3

Дефекты

CWE-908
CWE-908