CVE-2024-57912: iio: pressure: zpa2326: fix information leak in triggered buffer
First published: Sun Jan 19 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp (u32 pressure, u16 temperature, GAP, u64 timestamp). This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | ||
| Linux Kernel | >=4.9<6.1.125 | |
| Linux Kernel | >=6.2<6.6.72 | |
| Linux Kernel | >=6.7<6.12.10 | |
| Linux Kernel | =6.13-rc1 | |
| Linux Kernel | =6.13-rc2 | |
| Linux Kernel | =6.13-rc3 | |
| Linux Kernel | =6.13-rc4 | |
| Linux Kernel | =6.13-rc5 | |
| Linux Kernel | =6.13-rc6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/9629ff1a86823269b12fb1ba9ca4efa945906287
- https://git.kernel.org/stable/c/d25f1fc273670271412a52a1efbdaf5dcf274ed8
- https://git.kernel.org/stable/c/64a989aa7475b8e76e69b9ec86819ea293e53bab
- https://git.kernel.org/stable/c/b7849f62e61242e0e02c776e1109eb81e59c567c
- https://git.kernel.org/stable/c/fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a
- https://git.kernel.org/stable/c/979a0db76ceda8fe1f2f85a116bfe97620ebbadf
- https://git.kernel.org/stable/c/6007d10c5262f6f71479627c1216899ea7f09073
Frequently Asked Questions
What is the severity of CVE-2024-57912?
CVE-2024-57912 has been classified as a medium severity vulnerability due to the potential for information leakage.
How do I fix CVE-2024-57912?
To fix CVE-2024-57912, update your Linux kernel to the latest version where the vulnerability has been patched.
What systems are affected by CVE-2024-57912?
CVE-2024-57912 affects the Linux kernel, specifically the iio pressure driver zpa2326.
What type of vulnerability is CVE-2024-57912?
CVE-2024-57912 is an information leakage vulnerability in the Linux kernel related to the handling of triggered buffers.
Can CVE-2024-57912 be exploited remotely?
CVE-2024-57912 is not a remote exploit but can potentially be exploited locally by a user with access to the affected system.
- agent/type
- agent/first-publish-date
- agent/title
- agent/author
- agent/description
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/references
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/softwarecombine
- agent/remedy
- agent/weakness
- agent/severity
- agent/event
- agent/tags
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.9
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.13-rc1
- version/linux kernel/6.13-rc2
- version/linux kernel/6.13-rc3
- version/linux kernel/6.13-rc4
- version/linux kernel/6.13-rc5
- version/linux kernel/6.13-rc6