Javier Carrasco

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue concerns an information leak in the triggered buffer of the Linux kernel's ti-ads1119 ADC driver. The `scan` local struct, used to push data to user space, contains an uninitialized hole between the sample and the timestamp. This hole is never initialized, allowing uninitialized information to be pushed to userspace. The fix involves initializing the struct to zero before using it. **Recommendations** Initialize the `scan` struct to zero before using it to avoid pushing uninitialized information to userspace. As a temporary workaround, consider restricting access to the triggered buffer in the ti-ads1119 ADC driver until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.74 **Description** The issue concerns an information leak in the triggered buffer of the ti-ads8688 driver in the Linux kernel. The `buffer` local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses `iio for each active channel()` to assign new values. This can lead to pushing uninitialized information to userspace. The array needs to be initialized to zero before use to avoid this issue. **Recommendations** For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider initializing the `buffer` array to zero before using it to avoid pushing uninitialized information to userspace.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.74 **Description** The issue concerns an information leak in the triggered buffer of the Rockchip SARADC driver in the Linux kernel. The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses `iio for each active channel()` to assign new values. This can lead to pushing uninitialized information to userspace. The struct needs to be initialized to zero before using it to avoid this issue. **Recommendations** For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider initializing the 'data' local struct to zero before using it to push data to user space. Restrict access to the Rockchip SARADC driver until the update is applied to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.74 **Description** The issue concerns an information leak in the triggered buffer of the Linux kernel's iio: imu: kmx61 module. The 'buffer' local array is used to push data to user space from a triggered buffer but does not set values for inactive channels, as it only uses `iio for each active channel()` to assign new values. This can lead to pushing uninitialized information to userspace. The array needs to be initialized to zero before use to avoid this issue. **Recommendations** For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider initializing the `buffer` array to zero before using it to avoid pushing uninitialized information to userspace.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue concerns an information leak in the triggered buffer of the Linux kernel's iio light bh1745 component. The local struct 'scan' is used to send data to user space from a triggered buffer but does not initialize values for inactive channels, as it only uses `iio for each active channel()` to assign new values. This can lead to sending uninitialized information to user space. The struct should be initialized to zero before use to prevent this leak. **Recommendations** To resolve the issue, initialize the 'scan' local struct to zero before using it to push data to user space. This ensures that no uninitialized information is sent to userspace. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.74 **Description** The issue concerns an information leak in the triggered buffer of the Linux kernel's iio: light: vcnl4035 driver. The 'buffer' local array is used to push data to userspace from a triggered buffer but does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. This leaves at least 4 bytes uninitialized even after writing an integer value with regmap read(). Initializing the array to zero before using it avoids pushing uninitialized information to userspace. **Recommendations** For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider initializing the 'buffer' local array to zero before using it to avoid pushing uninitialized information to userspace. Restrict access to the vulnerable iio: light: vcnl4035 driver until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.74 **Description** The issue concerns an information leak in the Linux kernel's iio:dummy buffer. Specifically, the `data` array is allocated via `kmalloc()` and used to push data to user space from a triggered buffer. However, it does not set values for inactive channels, as it only uses `iio for each active channel()` to assign new values. This can lead to sending uninitialized information to user space. To avoid this, `kzalloc` should be used for memory allocation. **Recommendations** For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider using `kzalloc` for memory allocation in the `iio simply dummy buffer` function to avoid sending uninitialized information to user space. Restrict access to the triggered buffer to minimize the risk of exploitation until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.74 **Description** A vulnerability has been resolved in the Linux kernel. The issue is related to the `iio: pressure: zpa2326` component, where the local `sample` struct is used to push data to user space from a triggered buffer. However, this struct has a hole between the temperature and the timestamp, which is never initialized. This could lead to sending uninitialized information to user space. The struct should be initialized to zero before use to avoid this issue. **Recommendations** For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider initializing the `sample` struct to zero before using it to push data to user space. Restrict access to the triggered buffer to minimize the risk of exploitation until the update is applied.