logo_clicknbuy.png

CVE-2024-57910 – Linux IIO Light VCNL4035 Uninitialized Information Leak

The following table lists the changes that have been made to the
CVE-2024-57910 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jan. 19, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    iio: light: vcnl4035: fix information leak in triggered buffer

    The ‘buffer’ local array is used to push data to userspace from a
    triggered buffer, but it does not set an initial value for the single
    data element, which is an u16 aligned to 8 bytes. That leaves at least
    4 bytes uninitialized even after writing an integer value with
    regmap_read().

    Initialize the array to zero before using it to avoid pushing
    uninitialized information to userspace.
    Added Reference https://git.kernel.org/stable/c/47b43e53c0a0edf5578d5d12f5fc71c019649279
    Added Reference https://git.kernel.org/stable/c/47d245be86492974db3aeb048609542167f56518
    Added Reference https://git.kernel.org/stable/c/a15ea87d4337479c9446b5d71616f4668337afed
    Added Reference https://git.kernel.org/stable/c/f6fb1c59776b4263634c472a5be8204c906ffc2c
Share the Post:

Related Posts