PT-2025-3632 · Linux · Linux Kernel
Javier Carrasco
·
Published
2024-12-07
·
Updated
2025-10-03
·
CVE-2024-57907
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The Rockchip SARADC driver in the Linux kernel leaks uninitialized kernel memory through its triggered buffer. The trigger handler builds each scan in a local 'data' struct and pushes that struct to user space, but the struct is only populated by iio_for_each_active_channel(), which assigns a value for each active channel. The slots belonging to inactive channels (and any alignment padding ahead of the timestamp) keep whatever the kernel stack held before, so those stale bytes are copied to user space with every scan. The fix zero-initializes the struct before it is used.
Recommendations
Update to Linux kernel 6.6.74 or a later release that carries the fix. The fix itself is a one-line change (zero-initializing the driver's local 'data' struct before use) that can be backported and rebuilt into an affected kernel; it is a source-level patch, not a runtime setting a user can apply. Until the updated kernel is deployed, restrict access to the SARADC's IIO device node and buffer interface so that only trusted local users can enable the triggered buffer and read from it: the CVSS vector (AV:L, PR:L) reflects that the attacker is a local, low-privileged user who can read the buffer.
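To make the leak described above concrete, here is an added user-space model of the trigger handler's behaviour. It is not the kernel driver's code; the struct layout, the simplified IIO scan layout (active samples packed, padded to 8 bytes, then a 64-bit timestamp) and all function names are assumptions made for the illustration. A pre-poisoned struct stands in for stale stack contents so the result is deterministic; `zero_init=false` reproduces the vulnerable path and `zero_init=true` the fix.

```c
/* Added example (not the kernel driver's code): a user-space model of the
 * Rockchip SARADC trigger-handler leak. Names and layout are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SARADC_MAX_CHANNELS 8
#define STALE_BYTE 0xA5   /* stands in for whatever the kernel stack held before */

/* Layout of the driver's local 'data' struct: u16 samples, then an s64 timestamp. */
struct scan {
    uint16_t values[SARADC_MAX_CHANNELS];
    int64_t timestamp;
};

static unsigned active_count(unsigned mask)
{
    unsigned n = 0;
    for (unsigned i = 0; i < SARADC_MAX_CHANNELS; i++)
        n += (mask >> i) & 1u;
    return n;
}

/* Simplified IIO scan layout: active samples packed, padded to 8 bytes, then the
 * timestamp. The core copies exactly scan_bytes() bytes to the user-visible buffer. */
static size_t timestamp_offset(unsigned mask)
{
    return (active_count(mask) * sizeof(uint16_t) + 7) & ~(size_t)7;
}

static size_t scan_bytes(unsigned mask)
{
    return timestamp_offset(mask) + sizeof(int64_t);
}

/* Models the push-with-timestamp step: store the timestamp at the end of the scan
 * and hand scan_bytes() bytes of the struct to the buffer that user space reads. */
static size_t push_to_buffers(struct scan *data, unsigned mask, int64_t ts, uint8_t *out)
{
    memcpy((uint8_t *)data + timestamp_offset(mask), &ts, sizeof ts);
    memcpy(out, data, scan_bytes(mask));
    return scan_bytes(mask);
}

/* One trigger-handler pass. 'data' models the stack slot the local struct occupies;
 * the caller pre-fills it with STALE_BYTE. zero_init=false is the vulnerable code,
 * zero_init=true is the fix (zero-initializing the struct before use). */
static size_t trigger_handler(struct scan *data, unsigned mask, const uint16_t *adc,
                              int64_t ts, bool zero_init, uint8_t *out)
{
    if (zero_init)
        memset(data, 0, sizeof *data);

    /* iio_for_each_active_channel(): only active channels get a value, packed in order. */
    unsigned j = 0;
    for (unsigned i = 0; i < SARADC_MAX_CHANNELS; i++) {
        if (mask & (1u << i))
            data->values[j++] = adc[i];
    }
    return push_to_buffers(data, mask, ts, out);
}

/* Run one pass against a stale stack slot and count how many pushed bytes still
 * carry the stale pattern, i.e. how many bytes of old stack reach user space. */
static size_t leaked_bytes(unsigned mask, bool zero_init)
{
    struct scan slot;                      /* the "stack slot" for 'data' */
    uint8_t out[sizeof(struct scan)];
    /* Constructed ADC readings; none of them contain the 0xA5 byte. */
    static const uint16_t adc[SARADC_MAX_CHANNELS] = {
        0x0101, 0x0202, 0x0303, 0x0404, 0x0505, 0x0606, 0x0707, 0x0808
    };
    memset(&slot, STALE_BYTE, sizeof slot);
    size_t len = trigger_handler(&slot, mask, adc, 0x1122334455667788LL, zero_init, out);
    size_t leaked = 0;
    for (size_t k = 0; k < len; k++)
        leaked += (out[k] == STALE_BYTE);
    return leaked;
}

int main(void)
{
    unsigned masks[] = { 0x01, 0x07, 0x0F, 0x80 };
    for (size_t m = 0; m < sizeof masks / sizeof masks[0]; m++) {
        printf("mask 0x%02x: %zu bytes pushed, %zu stale (vulnerable), %zu stale (fixed)\n",
               masks[m], scan_bytes(masks[m]),
               leaked_bytes(masks[m], false), leaked_bytes(masks[m], true));
    }
    return 0;
}
```

With a single active channel the scan is 16 bytes long but only 2 of them are written by the channel loop and 8 by the timestamp, so 6 bytes of stale stack reach the buffer on every trigger; with four active channels the padding disappears and nothing leaks, which is why the bug is easy to miss in testing. Zero-initializing the struct removes the leak for every channel mask.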
Weakness Enumeration
Use of Uninitialized Resource (CWE-908)
Affected Products
Alt Linux
Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
Suse
Ubuntu