PT-2025-3630 · Linux+3 · Linux Kernel+3

Francesco Dolcini +1 · Published 2024-12-07 · Updated 2025-09-29 · CVE-2024-57905

CVSS v3.1: 7.1 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue concerns an information leak in the triggered buffer of the Linux kernel's ti-ads1119 ADC driver. The scan local struct, used to push data to user space, contains an uninitialized hole between the sample and the timestamp. This hole is never initialized, allowing uninitialized information to be pushed to userspace. The fix involves initializing the struct to zero before using it.

Recommendations

Initialize the scan struct to zero before using it to avoid pushing uninitialized information to userspace. As a temporary workaround, consider restricting access to the triggered buffer in the ti-ads1119 ADC driver until a patch is available.
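
The hole described above, shown as an added example that is not the driver's code: the struct layout (a 32-bit sample followed by an 8-byte-aligned timestamp), the 0xA5 stale-memory marker and the function names are assumptions for illustration. It counts the stale bytes left in the padding of the buffer that would be pushed, with and without zeroing the struct first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout modelled on the description, not copied from the driver:
 * a 32-bit sample followed by an 8-byte-aligned timestamp. */
struct scan {
    uint32_t sample;
    _Alignas(8) int64_t timestamp;
};

#define STALE 0xA5 /* constructed marker standing in for old stack contents */
#define HOLE_START (offsetof(struct scan, sample) + sizeof(uint32_t))
#define HOLE_END   offsetof(struct scan, timestamp)

/* Padding bytes between the end of sample and the start of timestamp. */
size_t hole_size(void)
{
    return HOLE_END - HOLE_START;
}

/* Fill the buffer the way field-by-field assignment would, then count the
 * stale bytes left in the hole. zero_first != 0 applies the fix (memset). */
size_t stale_bytes_pushed(int zero_first)
{
    _Alignas(8) unsigned char out[sizeof(struct scan)];
    uint32_t sample = 0x1234;        /* constructed sample value */
    int64_t ts = 1700000000;         /* constructed timestamp */
    size_t i, n = 0;

    memset(out, STALE, sizeof(out)); /* simulate leftover stack data */
    if (zero_first)
        memset(out, 0, sizeof(out)); /* zero the whole struct before use */
    memcpy(out + offsetof(struct scan, sample), &sample, sizeof(sample));
    memcpy(out + offsetof(struct scan, timestamp), &ts, sizeof(ts));

    for (i = HOLE_START; i < HOLE_END; i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("hole: %zu bytes\n", hole_size());
    printf("stale bytes without memset: %zu\n", stale_bytes_pushed(0));
    printf("stale bytes with memset:    %zu\n", stale_bytes_pushed(1));
    return 0;
}
```

Assigning the two fields individually never touches the padding, which is why the whole struct has to be zeroed rather than each member.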

Exploit

Fix

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2025-3467
BDU:2025-10568
CVE-2024-57905
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Ubuntu