Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-57910

Опубликовано: 19 янв. 2025
Источник: nvd
CVSS3: 7.1
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

iio: light: vcnl4035: fix information leak in triggered buffer

The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read().

Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.4.132 (включая) до 5.4.290 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.10.50 (включая) до 5.10.234 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.12.17 (включая) до 5.13 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.13.2 (включая) до 5.15.177 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.16 (включая) до 6.1.125 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.2 (включая) до 6.6.72 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.7 (включая) до 6.12.10 (исключая)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*

EPSS

Процентиль: 5%
0.00023
Низкий

7.1 High

CVSS3

Дефекты

CWE-908

Связанные уязвимости

ubuntu логотип

CVE-2024-57910

CVSS3: 7.1
ubuntu
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read(). Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.

redhat логотип

CVE-2024-57910

CVSS3: 6
redhat
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read(). Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.

msrc логотип

CVE-2024-57910

CVSS3: 7.1
msrc
3 месяца назад

Описание отсутствует

debian логотип

CVE-2024-57910

CVSS3: 7.1
debian
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: i ...

github логотип

GHSA-rwgg-m734-wvjr

CVSS3: 7.1
github
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read(). Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.

EPSS

Процентиль: 5%
0.00023
Низкий

7.1 High

CVSS3

Дефекты

CWE-908