PT-2025-3632 · Linux+7 · Linux Kernel+7
Javier Carrasco
·
Publicado
2024-12-07
·
Atualizado
2025-10-03
·
CVE-2024-57907
CVSS v3.1
7.1
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue concerns an information leak in the triggered buffer of the Rockchip SARADC driver in the Linux kernel. The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses
iio for each active channel() to assign new values. This can lead to pushing uninitialized information to userspace. The struct needs to be initialized to zero before using it to avoid this issue.Recommendations
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider initializing the 'data' local struct to zero before using it to push data to user space. Restrict access to the Rockchip SARADC driver until the update is applied to minimize the risk of exploitation.
Exploit
Correção
Use of Uninitialized Resource
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu